CVE-2019-2215 made some headlines because of P0. On the other hand something like CVE-2019-15239 went unnoticed. First reported and fixed in early 2018 The bug was present in all 4.4/4.9 android kernels for over a year after the 4.14 upstream fix
Mid last year a cve was finally assigned and the fix backported to 4.4/4.9 because syzkaller kept triggering the bug The bug can even be exploited using the same iovec refill technique used in the P0 post
Comments 1
CVE-2019-2215 made some headlines because of P0.
On the other hand something like CVE-2019-15239 went unnoticed.
First reported and fixed in early 2018
The bug was present in all 4.4/4.9 android kernels for over a year after the 4.14 upstream fix
Mid last year a cve was finally assigned and the fix backported to 4.4/4.9 because syzkaller kept triggering the bug
The bug can even be exploited using the same iovec refill technique used in the P0 post
Reply
Leave a comment