Description: | An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information.
|