Serious Linux bug affecting Android. FP1/2 affected?

Hey all,

There is a Linux bug which also affects Android. It allows potentially malicious apps to gain root access. Does anyone know whether we can expect security fixes for FP1 and FP2? From what I read I assume both OSes are affected by this.

The bug in more detail:


I’ve read at several sites that Kitkat+ are affected, but SELinux has so far prevented any exploit of this vulnerability.

1 Like

Hi,

Today 20-01-2016 in nu.nl.
As I am no whizzzzzkid, I am a little worried.
I wonder what happens to my FP1. Do I get an update, or…???

It’s not that easy to exploit right now on Android. But needs to be patched anyway. People will find a way to make this … faster, I assume.

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

OK, so in file kernel/security/keys/process_keys.c , lines 813 and 814:
if (ret < 0)
	goto error2;

If I understand the bug correctly, we can just replace that with:
if (ret < 0) {
	key_put(keyring);
	goto error2;
}

Indentation isn’t working for some reason. Anyway. It’s late and I should have been sleeping, and my boyfriend also claimed his own phone so I don’t have a development phone anymore. If someone can try compiling that and then letting me know, it would be great. Otherwise, we could get the Debian kernel source and look for the relevant patch.

The mentioned bug affects Linux kernel versions 3.8.0 and later. The FP2 runs version 3.4.0 so it shouldn’t be affected. You can check the kernel version in the Settings -> About phone.

1 Like

That’s what I thought originally (you can check my previous post’s edit history) but I believe Linux modifications are backported to Android’s kernel, else someone more competent than us would have noticed that Kitkat and Lollipop shouldn’t be affected.

1 Like

On second thought, it doesn’t seem to be affected. I took a closer look and can’t locate the lines that would contain the bug. The lines I found are something else which doesn’t seem to leak a reference, according to that page (and unreffing something there would cause a double free => crash!)

1 Like

Yes, that is what I read as well. Some Linux distributions, including Android, have backported the faulty code, which is why the bug is also present in Android with older kernels. However, apparently SELinux (as well as SMAP/SMEP) can prevent problems due to the bug.

Anyhow, since some have raised concerns about Fairphone updates, I think that with the FP1 the Fairphone team has already proved that they can be quite fast to deliver updates if serious bugs affect their systems. So I am convinced that if this bug threatens FP-OS, we will get an update sooner rather than later.

2 Likes

This sounds correct … the Makefile includes 3.4.0 and so does the kernel image.

One can run a crude script

off=$(LC_ALL=C grep -a -b -o $'\x1f\x8b\x08' kernel | head -n 1 | cut -d ':' -f 1)
dd if=kernel bs=1 skip="$off" 2>/dev/null | zgrep -a 'Linux version'

to find out more about the Linux kernel version on a device.
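The same idea as the crude script above, written out as an added example (not code from this thread or from Fairphone): find the first gzip header in a kernel image, inflate from there and pull out the "Linux version" banner. The helper names and the constructed sample image are my own; on a real boot.img the self-decompressor stub precedes the compressed kernel, so the first gzip magic is normally the right one, but a stray 3-byte match is possible.

```shell
#!/bin/sh
# Added example, not code from the forum thread: locate the gzip-compressed
# payload inside a kernel image and print its "Linux version" banner.
# Helper names are assumptions; the sample image below is constructed.

# find_gzip_offset FILE
# Print the 0-based byte offset of the first gzip header
# (ID1=0x1f, ID2=0x8b, CM=0x08 for deflate). Only the first hit is used.
find_gzip_offset() {
    LC_ALL=C grep -a -b -o "$(printf '\037\213\010')" "$1" \
        | head -n 1 | cut -d ':' -f 1
}

# kernel_version FILE
# Inflate from that offset and print e.g. "Linux version 3.4.0-g1234567".
# Bytes following the gzip member (ramdisk, padding) only make gzip warn,
# so its stderr is discarded. Exit status 1 if no banner is found.
kernel_version() {
    off=$(find_gzip_offset "$1")
    [ -n "$off" ] || return 1
    # tail -c +N counts from 1, so offset 0 is byte 1
    banner=$(tail -c +"$((off + 1))" "$1" | gzip -dc 2>/dev/null \
        | LC_ALL=C grep -a -o 'Linux version [^ ]*' | head -n 1)
    [ -n "$banner" ] || return 1
    printf '%s\n' "$banner"
}

# make_sample FILE
# Constructed stand-in for a kernel image: 4 KiB of filler in place of the
# decompressor stub, followed by a gzip stream carrying a kernel banner.
make_sample() {
    head -c 4096 /dev/zero | tr '\0' 'A' > "$1"
    printf 'stub data... Linux version 3.4.0-g1234567 (build@host) (gcc 4.8) #1 SMP PREEMPT\n' \
        | gzip -c -n >> "$1"
}

# Usage:
#   make_sample /tmp/kernel.img
#   kernel_version /tmp/kernel.img      # -> Linux version 3.4.0-g1234567
#   kernel_version /path/to/real/kernel # point it at a kernel or boot image
```

If the first hit is a false positive (nothing inflates, or no banner appears), drop the `head -n 1` in find_gzip_offset and try each offset grep reports in turn.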

Good news everyone: According to Google, only a small number of Android devices are affected, and Android 5+ is protected by SELinux.
It seems that Fairphones are not threatened by the bug.

We believe that no Nexus devices are vulnerable to exploitation by 3rd party applications. Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents 3rd party applications from reaching the affected code. Also, many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in linux kernel 3.8, as those newer kernel versions are not common on older Android devices.


2 Likes