Elliott Hughes

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-07-01 **Description** The issue allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file. This is due to insufficient input validation in the `print maps` function. A local attacker can exploit this issue by using a specially crafted file with a long name in the device's memory. **Recommendations** For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-07-01, update to a version released after 2016-07-01. As a temporary workaround, consider restricting access to the `print maps` function in `toolbox/lsof.c` to minimize the risk of exploitation.