Linux IPC router binding any port as a control port (CVE-2016-2059)

Release Date:

April 29, 2016

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2016-00003-1

CVE ID(s):

CVE-2016-2059

Summary:

The following security vulnerability has been identified in the IPC router kernel module. CVE-2016-2059: When a user-space thread repeatedly performs the IPC router kernel module's BIND_CONTROL_PORT ioctl operation with a port that is already in the control port list, the control port list can become corrupted when a second thread deletes a port from the control port list, which can lead to privilege escalation.
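
The list-level effect described in the summary, as an added user-space illustration that is not Qualcomm's kernel code or patch: it runs the bind and delete steps sequentially rather than as racing threads. The `struct port` layout, the `bound` flag and the `bind_*`/`demo_*` names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model of a kernel-style circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
/* Hypothetical port object; 'bound' is an assumed membership flag. */
struct port { struct list_head node; bool bound; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL;
}
/* Unguarded bind: re-adding a listed node overwrites its own links. */
static void bind_unguarded(struct port *p, struct list_head *ctl) {
    list_add_tail(&p->node, ctl);
}
/* Guarded bind: refuse a port already on the list. Kernel code would
 * also need the check and the add to happen under the same lock. */
static int bind_guarded(struct port *p, struct list_head *ctl) {
    if (p->bound) return -1;
    list_add_tail(&p->node, ctl);
    p->bound = true;
    return 0;
}
/* 1 if the node looped onto itself and the head outlives its deletion. */
static int demo_unguarded(void) {
    struct list_head ctl; struct port a = { {NULL, NULL}, false };
    list_init(&ctl);
    bind_unguarded(&a, &ctl);
    bind_unguarded(&a, &ctl);              /* same port bound twice */
    bool looped = a.node.next == &a.node;  /* head no longer reachable */
    list_del(&a.node);                     /* the port deletion step */
    return looped && ctl.next == &a.node;  /* head still references it */
}
/* 1 if the second bind was refused and deletion left an empty list. */
static int demo_guarded(void) {
    struct list_head ctl; struct port a = { {NULL, NULL}, false };
    list_init(&ctl);
    int first = bind_guarded(&a, &ctl), second = bind_guarded(&a, &ctl);
    list_del(&a.node);
    return first == 0 && second == -1 && ctl.next == &ctl && ctl.prev == &ctl;
}
int main(void) { return !(demo_unguarded() && demo_guarded()); }
```

In the unguarded case the list head keeps pointing at the removed entry, which in a kernel would be memory that may already have been freed.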

Access Vector: Local
Security Risk: High

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

Acknowledgement:

Qualcomm Innovation Center, Inc. (QuIC) thanks Adam Donenfeld et al. (Check Point Software Technologies Ltd.) for reporting the related issues and working with QuIC to help improve Android device security.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com