This issue exists in the sysmmu_unmap function and could lead to local escalation of privilege in a guest guest OS without user interaction. On Android, the kernel is running as PID 1 and there is no strict separation between host and device code. This allows for a possible out of bounds write in sysmmu_unmap function with kernel code. Exploitation of this issue requires user interaction. In the sysmmu_unmap function, a possible out of bounds write can be caused by a missing bounds check. This issue exists in the sysmmu_unmap function and could lead to local escalation of privilege in a guest guest OS without user interaction. On Android, the kernel is running as PID 1 and there is no strict separation between host and device code. This allows for a possible out of bounds write in sysmmu_unmap function with kernel code. Exploitation of this issue requires user interaction. In the sysmmu_unmap function, a possible out of bounds write can be caused by a missing bounds check. - CVE-2017-13866 - CVE-2017-13867 - CVE-2017-13868 - CVE-2017-13869 - CVE-2017-13870 - CVE-2017-13871 - CVE-2017-13872 - CVE-2017-13873 - CVE-2017-13874 - CVE-2017-13875 - CVE-2017-13876 - CVE-2017-13877 - CVE
Scheduler loop vulnerability
In the scheduler loop of the Linux kernel, a vulnerability was found in the way priority inheritance works. This vulnerability could allow a local user to gain elevated system privileges. In order to exploit this issue, a user must first be able to run code on the same CPU core as the target process. - CVE-2017-13885 - CVE-2017-13886 - CVE-2017-13867
References:
- https://security.googleblog.com/2017/09/what-weve-learned-about-sysmmu_unmap.html
References https://www.ubuntu.com/usn/usn-3468 -1
Timeline
Published on: 09/14/2022 16:15:00 UTC
Last modified on: 09/16/2022 19:21:00 UTC