Google is pretty good at getting updates out to Nexus devices as quickly as possible, and this new update needs to be fast. A newly publicized vulnerability, CVE-2015-1805, is being used by a rooting application that abuses an unpatched local elevation of privilege flaw in the kernel. The underlying bug was first discovered and fixed in April 2014, but it was not designated as a security fix until February 2, 2015.
On February 19, 2016, the CORE Team told Google that the vulnerability could be exploited, and a patch was developed. It was not until last week, on March 15, 2016, that Zimperium found the exploit had been abused on a Nexus 5 phone.
“This issue is rated as a Critical severity issue due to the possibility of a local privilege escalation and arbitrary code execution leading to local permanent device compromise.”
This vulnerability applies to all unpatched Android devices on kernel versions 3.4, 3.10 and 3.14. Android devices running kernel version 3.18 are not vulnerable.
“The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an ‘I/O vector array overrun.’”
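The CVE text above is terse about what "side effects of a failed copy" means in practice. The following is an added, constructed userspace model written for this page; it is not the Linux fs/pipe.c code and does not reproduce it. The names `iov`, `copy_sim`, `vec_copy`, `copy_retry_unsafe` and `copy_retry_safe` are all assumptions of the example. `copy_sim` stands in for a copy primitive that, like the kernel's atomic helpers, returns the number of bytes it could not transfer. The unsafe routine shows the pattern the CVE describes: the walk over the I/O vector array is advanced in place, a fault occurs partway, and the retry restarts with the full length against the already-advanced vector, so it asks for more entries than the caller supplied. The safe routine records the bytes actually transferred and resumes from there, and the walker refuses to step past the end of the array.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified model of the failure-handling pattern behind an
 * "I/O vector array overrun". Added illustration only; not kernel code. */
struct iov { char *base; size_t len; };

/* Stand-in for an atomic copy primitive. Like the kernel helpers it returns
 * the number of bytes NOT copied; *budget models how many bytes the atomic
 * path can move before it would fault (constructed behaviour). */
static size_t copy_sim(char *dst, const char *src, size_t n, size_t *budget)
{
    size_t ok = n <= *budget ? n : *budget;
    memcpy(dst, src, ok);
    *budget -= ok;
    return n - ok;
}

/* Walk the vector, copying len bytes from src. Advances *cur in place as it
 * goes (the side effect the CVE text refers to) and counts transferred bytes
 * in *done. Returns 0 on success, -1 on a failed copy, or -2 if the walk
 * would leave the array: the model's stand-in for the out-of-bounds access. */
static int vec_copy(struct iov **cur, struct iov *end, const char *src,
                    size_t len, size_t *budget, size_t *done)
{
    while (len > 0) {
        while (*cur < end && (*cur)->len == 0)
            (*cur)++;                       /* skip exhausted entries */
        if (*cur >= end)
            return -2;                      /* would overrun the array */
        size_t n = len < (*cur)->len ? len : (*cur)->len;
        if (copy_sim((*cur)->base, src, n, budget))
            return -1;                      /* fault partway through */
        src += n; len -= n; *done += n;
        (*cur)->base += n; (*cur)->len -= n;
    }
    return 0;
}

/* Unsafe pattern: on a failed atomic attempt, retry the FULL length with the
 * already-advanced vector. Entries consumed before the fault are not
 * revisited, so the retry needs more entries than exist. */
int copy_retry_unsafe(struct iov *vec, size_t nvec, const char *src,
                      size_t len, size_t atomic_budget)
{
    struct iov *cur = vec, *end = vec + nvec;
    size_t budget = atomic_budget, done = 0;
    int rc = vec_copy(&cur, end, src, len, &budget, &done);
    if (rc == -1) {
        budget = (size_t)-1;                /* slow path never faults here */
        rc = vec_copy(&cur, end, src, len, &budget, &done);  /* bug: full len */
    }
    return rc;
}

/* Safe pattern: resume from the bytes actually transferred, so the source
 * offset and the vector position stay in step across the retry. */
int copy_retry_safe(struct iov *vec, size_t nvec, const char *src,
                    size_t len, size_t atomic_budget)
{
    struct iov *cur = vec, *end = vec + nvec;
    size_t budget = atomic_budget, done = 0;
    int rc = vec_copy(&cur, end, src, len, &budget, &done);
    if (rc == -1) {
        budget = (size_t)-1;
        rc = vec_copy(&cur, end, src + done, len - done, &budget, &done);
    }
    return rc;
}

int main(void)
{
    /* Constructed input: two 4-byte entries, 8 source bytes, and an atomic
     * path that can move only 6 bytes before faulting. */
    char a[4], b[4];
    struct iov v[2] = { { a, 4 }, { b, 4 } };
    printf("unsafe retry: %d\n", copy_retry_unsafe(v, 2, "ABCDEFGH", 8, 6));
    struct iov w[2] = { { a, 4 }, { b, 4 } };
    printf("safe retry:   %d\n", copy_retry_safe(w, 2, "ABCDEFGH", 8, 6));
    return 0;
}
```

Run stand-alone, the unsafe path reports the array-bound violation (-2) while the safe path completes (0) with `a` holding "ABCD" and `b` holding "EFGH". The lesson for reviewing any scatter/gather copy loop is the same as the CVE's: treat a nonzero return from a partial-copy primitive as progress information, not just an error flag, and never re-derive the remaining work from the original length once state has been advanced in place.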
What is a vulnerability?
A security vulnerability is a weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of that product. As noted in Common Vulnerabilities and Exposures (CVE):
For CVE, a vulnerability is a state in a computing system (or set of systems) that either:
- allows an attacker to execute commands as another user
- allows an attacker to access data that is contrary to the specified access restrictions for that data
- allows an attacker to pose as another entity
- allows an attacker to conduct a denial of service