>This bug was originally found and reported in November 2017 and patched in February 2018. Syzbot, a syzkaller system that continuously fuzzes the Linux kernel, originally reported the use-after-free bug to Linux kernel mailing lists and the syzkaller-bugs mailing list in November 2017. From this report, the bug was patched in the Linux 4.14, Android 3.18, Android 4.4, and Android 4.9 kernels in February 2018. However, this fix was never included in an Android monthly security bulletin and thus the bug was never patched in many already released devices, such as Pixel and Pixel 2.
Even my currently supported device (Moto x4) is vulnerable because it hasn't received the October 6 patch. It's more than halfway through November, and I'm still on the October 1st patch. The vendor patching system is pretty terrible with Android and ends up leaving many devices vulnerable to publicly known exploits most of the time.
>This bug was originally found and reported in November 2017 and patched in February 2018. Syzbot, a syzkaller system that continuously fuzzes the Linux kernel, originally reported the use-after-free bug to Linux kernel mailing lists and the syzkaller-bugs mailing list in November 2017. From this report, the bug was patched in the Linux 4.14, Android 3.18, Android 4.4, and Android 4.9 kernels in February 2018. However, this fix was never included in an Android monthly security bulletin and thus the bug was never patched in many already released devices, such as Pixel and Pixel 2.
Yea, that's a very large number of active devices, for a bug that's believed to be actively exploited. Roughly 75% going by this: https://android.stackexchange.com/questions/51651/which-andr... plus https://developer.android.com/about/dashboards