Information Disclosure Vulnerability in Kernel IPC Router Module (CVE-2015-6642)

Release Date:

April 20, 2016

Affected Projects:

Android for MSM Firefox OS for MSM QRD Android

Advisory ID:

QCIR-2016-00006-1

CVE ID(s):

CVE-2015-6642

Summary:

CVE-2015-6642: When processing the IPC_ROUTER_IOCTL_LOOKUP_SERVER ioctl, a lookup that returns few entries results in a large disclosure of uninitialized kernel heap memory.

Access Vector: Local

Security Risk: Medium

Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/?id=4ad825ba2968666069740c3e80fe31ed3d0e29ba

Acknowledgement:

Please reference Google's January 2016 Nexus Security Advisory. This issue is ANDROID- 24157888.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com

Information Disclosure Vulnerability in Kernel IPC Router Module (CVE-2015-6642)

Release Date:

Affected Projects:

Advisory ID:

CVE ID(s):

Summary:

Access Vector: Local

Security Risk: Medium

Access Vector: Local

Affected Versions:

Patch:

Acknowledgement:

Revisions:

Contact:

Subscribe via RSS: