Allwinner left backdoor in 3.4 kernel for low-end Android devices


( Ars Technica link ) Note: I submitted this to BBS a few weeks ago but they didn’t pick it up so I hope I’m safe this time. :laughing:

Allwinner, chipmaker for low end Android devices, left a backdoor into their version of the Linux kernel that allows applications to gain root.

tkaiser writes:

This security flaw is currently present in every OS image for H3, A83T or H8 devices that rely on Kernel 3.4: this applies to all OS images available for Orange Pis (except Armbian 5.10 available since May 1st), any for FriendlyARM’s NanoPi M1, SinoVoip’s M2+ and M3, Cuebietech’s Cubietruck + and Linksprite’s pcDuino8 Uno

I’ve found the experience on low end Android imports abysmal but if you’re running one, you should probably check to make sure you’re not affected.


This topic was automatically closed after 265 days. New replies are no longer allowed.