RCE in Linux (inc Android) via UDP. CVSS 10.0. I'm a little confused as to why a bigger fuss isn't being made of this
nvd.nist.gov/vuln/detail/CVE-2
Is it that the vuln doesn't have a cool brand name and logo and website?
I was pleasantly surprised to find out that my Nexus phone was patched for this last week. Other Androids are probably going to be fucked

@liamo Fefe explains that very few (if any) applications use MSG_PEEK on UDP sockets – which would be required for this bug to be exploitable: blog.fefe.de/?ts=a6110f5c (German only, unfortunately)
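
Added example, not part of the thread: one way to check the precondition named in the reply is to trace a service and look for receive calls that pass MSG_PEEK on an IPv4/IPv6 datagram socket. The trace text below is constructed, and the parser assumes `strace -f -o FILE -e trace=network,close` output with descriptors tracked per (pid, fd).

```python
import re

# Constructed sample in `strace -f -o FILE -e trace=network,close` format;
# not captured from a real system.
SAMPLE_TRACE = r"""
1201 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 3
1201 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
1201 recvfrom(3, "\0\1", 2048, MSG_PEEK, {sa_family=AF_INET, sin_port=htons(5353), sin_addr=inet_addr("192.0.2.10")}, [16]) = 2
1201 recvfrom(4, "GET /", 4096, MSG_PEEK, NULL, NULL) = 5
1201 recvmsg(3, {msg_name=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 2
1201 close(3) = 0
1201 socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
1201 recvmsg(3, {msg_name=NULL, ...}, MSG_PEEK|MSG_DONTWAIT) = 48
1302 recvfrom(3, "x", 1, MSG_PEEK, NULL, NULL) = 1
"""

SOCKET_RE = re.compile(r'^(\d+)\s+socket\((AF_INET6?), ([A-Z_|]+), \w+\)\s+=\s+(\d+)$')
CLOSE_RE = re.compile(r'^(\d+)\s+close\((\d+)\)\s+=\s+0$')
RECV_RE = re.compile(r'^(\d+)\s+(recv|recvfrom|recvmsg|recvmmsg)\((\d+),')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')   # payload bytes and address strings
PEEK_RE = re.compile(r'\bMSG_PEEK\b')


def find_udp_peeks(trace):
    """Return (flagged, unknown): lists of (pid, fd, syscall) that used MSG_PEEK.

    flagged: the fd was opened as an AF_INET/AF_INET6 SOCK_DGRAM socket.
    unknown: socket() for that fd is not in the trace; check it by hand.
    """
    is_dgram = {}            # (pid, fd) -> True if SOCK_DGRAM, False otherwise
    flagged, unknown = [], []
    for raw in trace.splitlines():
        # Blank out quoted strings so payload text cannot look like a flag.
        line = QUOTED_RE.sub('""', raw.strip())
        if m := SOCKET_RE.match(line):
            is_dgram[(m.group(1), m.group(4))] = "SOCK_DGRAM" in m.group(3).split("|")
        elif m := CLOSE_RE.match(line):
            is_dgram.pop((m.group(1), m.group(2)), None)   # fd may be reused later
        elif (m := RECV_RE.match(line)) and PEEK_RE.search(line):
            key = (m.group(1), m.group(3))
            hit = (int(key[0]), int(key[1]), m.group(2))
            if key not in is_dgram:
                unknown.append(hit)
            elif is_dgram[key]:
                flagged.append(hit)
    return flagged, unknown


if __name__ == "__main__":
    print(find_udp_peeks(SAMPLE_TRACE))
```

An empty result only covers the code paths exercised while tracing, so it does not replace patching the kernel.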
