Allwinner left backdoor in 3.4 kernel for low-end Android devices


#1

( Ars Technica link ) Note: I submitted this to BBS a few weeks ago but they didn’t pick it up so I hope I’m safe this time. :laughing:

Allwinner, chipmaker for low end Android devices, left a backdoor into their version of the Linux kernel that allows applications to gain root.

tkaiser writes:

This security flaw is currently present in every OS image for H3, A83T or H8 devices that rely on Kernel 3.4: this applies to all OS images available for Orange Pis (except Armbian 5.10 available since May 1st), any for FriendlyARM’s NanoPi M1, SinoVoip’s M2+ and M3, Cuebietech’s Cubietruck + and Linksprite’s pcDuino8 Uno

I’ve found the experience on low end Android imports abysmal but if you’re running one, you should probably check to make sure you’re not affected.


#2

This topic was automatically closed after 265 days. New replies are no longer allowed.