Slashdot Mirror
Serious Security Bugs Found In Android Kernel
geek4 writes with this excerpt from eWeek Europe: "An analysis of Google Android Froyo's open source kernel has uncovered 88 critical flaws that could expose users' personal information. An analysis of the kernel used in Google's Android smartphone software has turned up 88 high-risk security flaws that could be used to expose users' personal information, security firm Coverity said in a report published on Tuesday. The results, published in the 2010 edition of the Coverity Scan Open Source Integrity Report, are based on an analysis of the Froyo kernel used in HTC's Droid Incredible handset. ... While Android implementations vary from device to device, Coverity said the same flaws were likely to exist in other handsets as well. Coverity uncovered a total of 359 bugs, about one-quarter of which were classified as high-risk."
88 Critical flaws on the wall... 88 critical flaws... You take one down, pass it around...
An analysis of Google Android Froyo's open source kernel has uncovered 88 critical flaws that could expose users' personal information. An analysis of the kernel used in Google's Android smartphone software has turned up 88 high-risk security flaws that could be used to expose users' personal information
Does it also cause words in sentences to duplicate? Does it also cause sentences to duplicate? Also, was this submission done on an Android phone?
today is spelling optional day.
Those "critical" and "serious" label are largely meaningless; Coverity allows you to configure classes of "problems" as being one of several different severity. It is what the sysadmin of Coverity wants it to be. If so desired, buffer overflow could be configured to the severity of "minor."
ELOI, ELOI, LAMA SABACHTHANI!?
Coverity uncovered a total of 359 bugs, about one-quarter of which were classified as high-risk.
Based on my experience using Coverity's tools, more than half are actually false positives and less than half of what's left are really as serious as rated.
They are outed, and so get fixed even faster.
Well, sort of. Even if they get fixed quickly by developers, the time it takes them to actually get fixes to consumer devices is huge. That deployment process relies on device manufacturers who often customize the OS a bit per-device and cell carriers who have to push out the updates. For them it's just an expense/loss of resources, so unless it's something really serious they don't even seem to put much effort into it.
Odd, I don't know why you're picking on me, but I assume "Android Kernel" is marketing-speak for "Linux", in which I've reported found and fixes dozens of flaws over the years.
As you're so interested, here are some from the last month or two that you can take a look at.
CVE-2010-3080, A use-after-free in snd_seq_oss_open
CVE-2010-2960, A to-userspace dereference in keyctl_session_to_parent.
CVE-2010-2954, Kernel panic and to-userspace dereference in AF_IRDA sockets.
CVE-2010-3067, Various problems with aio (things like aio_submit())
The coverity results I've seen in the past are generally very low quality with a high density of chaff. I haven't seen the report they're talking about, but would be surprised if there were any noteworthy findings with any significant security impact. The only report I've seen them publish that had any convincing vulnerabilities was in 2006, where they found a verifiable privilege escalation in XFree86 (due to a pretty horrendous typo).
I'm a little saddened that you so readily associate me with Windows security, where as I consider myself primarily a Linux security developer, but I guess I'm flattered that where I spend my time is so important to you.
(perhaps a little creepy, though).
ex$$