Zach Riggle

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** A elevation of privilege vulnerability exists in the Upstream Linux tcb, affecting Android. **Recommendations** For Android kernel, apply the fix for the elevation of privilege vulnerability in the Upstream Linux tcb.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-05-01 **Description** The issue is related to insufficient access control in the libbacktrace/Backtrace.cpp function of the debuggerd component in Android. This allows attackers to gain privileges via an application containing a crafted symbol name. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, update to a version released on or after 2016-05-01.

**Name of the Vulnerable Software and Affected Versions** Android 6.x versions prior to 2016-02-01 **Description** The issue is related to the get build id function in the elf utils.cpp file of the Debuggerd application in Android. It allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note. The vulnerability is associated with insufficient access control to certain functions, which can be exploited by a local attacker using a specially crafted application to elevate their privileges. **Recommendations** For Android 6.x versions prior to 2016-02-01, consider restricting access to the get build id function in the elf utils.cpp file of the Debuggerd application until a patch is available. As a temporary workaround, avoid using the Desc Size element in ELF Notes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-02-01 **Description** The issue is related to a use-after-free vulnerability in the wifi cleanup function, which can be exploited by attackers to gain privileges. This can be achieved by leveraging access to the local physical environment during the execution of a crafted application. **Recommendations** For Android versions prior to 2016-02-01, consider restricting access to the wifi cleanup function in the wifi hal.cpp component until a patch is available. As a temporary workaround, avoid using the wifi hal component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3 **Description** The issue is related to errors in handling the `mmap min addr` variable in the LIST POISON function of the Linux kernel. This can allow a remote attacker to bypass a protection mechanism by triggering the use of an uninitialized list entry. **Recommendations** For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mmap min addr` variable to minimize the risk of exploitation.