Project

General

Profile

Actions

Issue #1047

closed

Futex (aka Towelroot) vulnerability - CVE-2014-3153

Added by My Self almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
High
Category:
Security
Target version:
Start date:
11/06/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Actions #1

Updated by Denis 'GNUtoo' Carikli almost 10 years ago

Maybe we should classify better the security issues.
Here it's a security bug (There is no category for that yet) and it's a privilege escalation.

Is it exploitable by f-droid applications?

Since android applications are somehow sandboxed, would toweelroot work?
It uses mmap, and the sockets API.
  • IS mmap prevented?
  • Does CONFIG_PARANOID_NETWORK prevent using sockets that way?

Denis.

Actions #2

Updated by Denis 'GNUtoo' Carikli almost 10 years ago

  • Category changed from 51 to Security
Actions #3

Updated by My Self almost 10 years ago

To f-droid I just could repead, what I've wrote in http://redmine.replicant.us/issues/1023

It seems to work this way: "[...] the app runs some code, the code crashed [sic] android and leave it confused, in its confused state it thinks that the app should be root, then the app installs something to allow other apps to become root."
Source: http://geeksided.com/2014/06/16/towelroot-exploit-reveals-security-nightmare-android/
So it breaks the sandbox and should work unless I'm very much mistaken...

Actions #4

Updated by Paul Kocialkowski almost 10 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

This was already fixed in every Replicant kernel, for months now. Please reopen if you find a kernel that doesn't have these patches applied.

Actions

Also available in: Atom PDF