SB2016010608 - Permissions, Privileges, and Access Controls in Google, Google Android
Published: January 6, 2016 Updated: August 9, 2020
Security Bulletin ID
SB2016010608
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-6640)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
Remediation
Install update from vendor's website.