An Investigation of the Android Kernel Patch Ecosystem


Zheng Zhang, UC RIverside; Hang Zhang and Zhiyun Qian, UC Riverside; Billy Lau, Google Inc.


open-source projects are often reused in commercial software. Android, a popular mobile operating system, is a great example that has fostered an ecosystem of open-source kernels. However, due to the largely decentralized and fragmented nature, patch propagation from the upstream through multiple layers to end devices can be severely delayed. In this paper, we undertake a thorough investigation of the patch propagation behaviors in the entire Android kernel ecosystem. By analyzing the CVEs and patches available since the inception of the Android security bulletin, as well as open-source upstream kernels (e.g., Linux and AOSP) and hundreds of mostly binary OEM kernels (e.g., by Samsung), we find that the delays of patches are largely due to the current patching practices and the lack of knowledge about which upstream commits being security-critical. Unfortunately, we find that the gap between the first publicly available patch and its final application on end devices is often months and even years, leaving a large attack window for experienced hackers to exploit the unpatched vulnerabilities

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {263842,
author = {Zheng Zhang and Hang Zhang and Zhiyun Qian and Billy Lau},
title = {An Investigation of the Android Kernel Patch Ecosystem},
booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {3649--3666},
url = {},
publisher = {USENIX Association},
month = aug

Presentation Video