First published: Mon Dec 05 2016(Updated: )
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Credit: security@android.com security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | <=7.0 | |
Linux Linux kernel | <=3.18.54 | |
Linux Linux kernel | >=3.19<=3.19.8 | |
Google Android | ||
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-8967 is a vulnerability in the Linux kernel that allows local users to bypass page permissions and modify the system-call table to gain privileges.
CVE-2015-8967 has a severity rating of high, with a severity value of 7.
The Linux kernel versions before 4.0 are affected by CVE-2015-8967.
To fix CVE-2015-8967, update your Linux kernel to version 4.0 or later.
You can find more information about CVE-2015-8967 in the references provided: [Link 1](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04), [Link 2](http://source.android.com/security/bulletin/2016-12-01.html), [Link 3](https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04).