DivestOS/Patches/Linux_CVEs/CVE-2016-3857/ANY/2.patch

From 127f66a3cfe0df54c4a3e86c0bc64d6a49f570a8 Mon Sep 17 00:00:00 2001
From: Marcos Marado <mmarado@cyngn.com>
Date: Tue, 12 Jul 2016 17:45:06 +0100
Subject: [PATCH] CVE-2016-3857: CONFIG_OABI_COMPAT must be disabled

An elevation of privilege vulnerability in the kernel could enable a local
malicious application to execute arbitrary code within the context of the
kernel.
This issue is rated as Critical due to the possibility of a local permanent
device compromise, which may require reflashing the operating system to repair
the device.

ANDROID_28522518

There is no validation of the events variable passed to the sys_oabi_epoll_wait
function.
The fix is designed to disable OABI support, which will remove the vulnerable
code.

Issue: CYNGNOS-3257

Change-Id: I1002e9feeaecc276aeda73f86ff089b58e9f626f
---

diff --git a/arch/arm64/configs/cyanogenmod_crackling-64_defconfig b/arch/arm64/configs/cyanogenmod_crackling-64_defconfig
index 6d95cf4..1bb5ac4 100644
--- a/arch/arm64/configs/cyanogenmod_crackling-64_defconfig
+++ b/arch/arm64/configs/cyanogenmod_crackling-64_defconfig
@@ -321,6 +321,7 @@
 CONFIG_VIDEO_V4L2_SUBDEV_API=y
 CONFIG_VIDEOBUF2_MSM_MEM=y
 CONFIG_V4L_PLATFORM_DRIVERS=y
+# CONFIG_OABI_COMPAT is not set
 CONFIG_MSMB_CAMERA=y
 CONFIG_MSM_CAMERA_SENSOR=y
 CONFIG_MSM_CPP=y
diff --git a/arch/arm64/configs/cyanogenmod_kipper-64_defconfig b/arch/arm64/configs/cyanogenmod_kipper-64_defconfig
index 19813d4..a64717e 100644
--- a/arch/arm64/configs/cyanogenmod_kipper-64_defconfig
+++ b/arch/arm64/configs/cyanogenmod_kipper-64_defconfig
@@ -373,6 +373,7 @@
 CONFIG_VIDEO_V4L2_SUBDEV_API=y
 CONFIG_VIDEOBUF2_MSM_MEM=y
 CONFIG_V4L_PLATFORM_DRIVERS=y
+# CONFIG_OABI_COMPAT is not set
 CONFIG_MSMB_CAMERA=y
 CONFIG_MSM_CAMERA_SENSOR=y
 CONFIG_MSM_CPP=y