1. 13
  1.  

  2. 4

    it’s probably remotely exploitable if combined with networked services that might allow access to /proc.

    That is the most idiotic thing I’ve ever heard. … … So it’s probably true.

    1. 1

      What’s depressing is that there are Android handsets running this kernel (or a vulnerable variant) which are likely (at least in the US) to remain unpatched for some time due to the carriers dragging their feet. I wouldn’t doubt that there is overlap between handsets vulnerable to this and those still affected by ‘Stagefright’.

    2. 1

      Just in case anyone was looking for yet another reason to studiously avoid everything Allwinner’s ever touched…