The bug was originally fixed in the Linux kernel in April 2014, but wasn’t flagged as a vulnerability until February 2015 when its security implications were understood and it received the CVE-2015-1805 identifier. Even then, the fix did not get ported to Android, which is based on the Linux kernel.
It wasn’t until Feb. 19 that researchers from a security outfit called C0RE Team notified Google that the vulnerability could be exploited on Android in order to achieve privilege escalation — the execution of code with the privileges of the root account.
To read this article in full or to leave a comment, please click here