Bug 1381188 (CVE-2016-3857) - CVE-2016-3857 kernel: privilege escalation in sys_oabi_*() in arm kernel
Summary: CVE-2016-3857 kernel: privilege escalation in sys_oabi_*() in arm kernel
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3857
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Engineering1381190 1381191
Blocks: Embargoed1378366
TreeView+ depends on / blocked
 
Reported: 2016-10-03 11:11 UTC by Vladis Dronov
Modified: 2021-10-27 10:51 UTC (History)
25 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-27 10:51:40 UTC

Attachments (Terms of Use)

Description Vladis Dronov 2016-10-03 11:11:08 UTC 
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

Related:

https://source.android.com/security/bulletin/2016-08-01.html

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3857

https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3857

https://security-tracker.debian.org/tracker/CVE-2016-3857

An upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7de249964f5578e67b99699c5f0b405738d820a2
Comment 2 Vladis Dronov 2016-10-03 11:15:17 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1381191]
Comment 3 Vladis Dronov 2016-10-03 11:22:35 UTC 
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. 6, 7 and Red Hat Enterprise MRG-2 as the code with the flaw is not present in the products listed.
Comment 6 Justin M. Forbes 2016-10-03 13:32:56 UTC 
This issue was resolved in the 4.7.1 stable update, and does not impact any currently supported fedora kernel.
Note You need to log in before you can comment on or make changes to this bug.