it’s probably remotely exploitable if combined with networked services that might allow access to /proc.
That is the most idiotic thing I’ve ever heard. … … So it’s probably true.
What’s depressing is that there are Android handsets running this kernel (or a vulnerable variant) which are likely (at least in the US) to remain unpatched for some time due to the carriers dragging their feet. I wouldn’t doubt that there is overlap between handsets vulnerable to this and those still affected by ‘Stagefright’.
Just in case anyone was looking for yet another reason to studiously avoid everything Allwinner’s ever touched…