|
Message-ID: <5600451D.5060404@gmail.com>
Date: Mon, 21 Sep 2015 13:57:49 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Samsung S4 (GT-I9500) multiple kernel
vulnerabilities
Further evidence that PaX/grsecurity are extremely important.
CVE-2015-1800 is prevented by the STRUCTLEAK GCC plugin.
The CVE-2015-1801 issues would have been caught by the ARM port of
UDEREF in non-exploit usage. I'd guess that a port of UDEREF to an
Android kernel would uncover more of these.
It's sad that Samsung never addressed this. I guess they might now that
there's a CVE, as vendors generally only backport security fixes when it
becomes an image problem.
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.