Privilege Escalation via Execute-Only Pages in Linux Kernel (CVE-2016-28557020)

Privilege Escalation via Execute-Only Pages in Linux Kernel (CVE-2016-28557020)

CVE-2014-9803 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.