( Ars Technica link ) Note: I submitted this to BBS a few weeks ago but they didn’t pick it up so I hope I’m safe this time. 
Allwinner, chipmaker for low end Android devices, left a backdoor into their version of the Linux kernel that allows applications to gain root.
tkaiser writes:
This security flaw is currently present in every OS image for H3, A83T or H8 devices that rely on Kernel 3.4: this applies to all OS images available for Orange Pis (except Armbian 5.10 available since May 1st), any for FriendlyARM’s NanoPi M1, SinoVoip’s M2+ and M3, Cuebietech’s Cubietruck + and Linksprite’s pcDuino8 Uno
I’ve found the experience on low end Android imports abysmal but if you’re running one, you should probably check to make sure you’re not affected.
