From 127f66a3cfe0df54c4a3e86c0bc64d6a49f570a8 Mon Sep 17 00:00:00 2001 From: Marcos Marado Date: Tue, 12 Jul 2016 17:45:06 +0100 Subject: [PATCH] CVE-2016-3857: CONFIG_OABI_COMPAT must be disabled An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. ANDROID_28522518 There is no validation of the events variable passed to the sys_oabi_epoll_wait function. The fix is designed to disable OABI support, which will remove the vulnerable code. Issue: CYNGNOS-3257 Change-Id: I1002e9feeaecc276aeda73f86ff089b58e9f626f --- diff --git a/arch/arm64/configs/cyanogenmod_crackling-64_defconfig b/arch/arm64/configs/cyanogenmod_crackling-64_defconfig index 6d95cf4..1bb5ac4 100644 --- a/arch/arm64/configs/cyanogenmod_crackling-64_defconfig +++ b/arch/arm64/configs/cyanogenmod_crackling-64_defconfig @@ -321,6 +321,7 @@ CONFIG_VIDEO_V4L2_SUBDEV_API=y CONFIG_VIDEOBUF2_MSM_MEM=y CONFIG_V4L_PLATFORM_DRIVERS=y +# CONFIG_OABI_COMPAT is not set CONFIG_MSMB_CAMERA=y CONFIG_MSM_CAMERA_SENSOR=y CONFIG_MSM_CPP=y diff --git a/arch/arm64/configs/cyanogenmod_kipper-64_defconfig b/arch/arm64/configs/cyanogenmod_kipper-64_defconfig index 19813d4..a64717e 100644 --- a/arch/arm64/configs/cyanogenmod_kipper-64_defconfig +++ b/arch/arm64/configs/cyanogenmod_kipper-64_defconfig @@ -373,6 +373,7 @@ CONFIG_VIDEO_V4L2_SUBDEV_API=y CONFIG_VIDEOBUF2_MSM_MEM=y CONFIG_V4L_PLATFORM_DRIVERS=y +# CONFIG_OABI_COMPAT is not set CONFIG_MSMB_CAMERA=y CONFIG_MSM_CAMERA_SENSOR=y CONFIG_MSM_CPP=y