As widely known, the Android operating system is based on Linux. Even if it has been subjected to a heavy customisation to improve it in terms of performance and security on mobile/embedded devices, it still preserves a lot of interesting concepts and components of its parent, one of them is the “everything is a file” philosophy.

The /proc virtual file system (from now on VFS), was born from this approach and is usually referred to as a process information pseudo-file system. It doesn’t contain “real” files but runtime system information (e.g. system memory, devices mounted, hardware configuration). Our researchers discovered a system vulnerability related to the VFS that affect all the Android devices with an operating system < 8.1, which means around 2 Billion of users1.

This document describes in detail the vulnerability discovered: CVE-2017-13165.