One of the first comments there with the partial ARM opcode map shows why this vulnerability is "theoretical": you can overflow the buffer, but the bytes written to the buffer are restricted so much (values will always be between 43 and 126) that it would be nearly impossible to write useful exploit code.

The details are here:

http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/
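The defensive side of what the comment describes is a length check before data is copied into a fixed-size stack buffer, plus a check that the input stays within the restricted byte range the comment mentions (43 to 126). The block below is an added illustration and is not the Android KeyStore code or code from the linked article; the buffer size `BLOB_MAX`, the function names and the constructed input are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed capacity of the fixed-size stack buffer (assumption, not the
 * real KeyStore value). */
#define BLOB_MAX 64

/* Returns 1 if c lies in the restricted byte range the comment describes
 * (43..126 inclusive), 0 otherwise. */
static int in_restricted_range(unsigned char c)
{
    return c >= 43 && c <= 126;
}

/* Bounded copy of src into dst.
 * Rejects input that would not fit in dst together with a terminating NUL,
 * and input containing any byte outside the restricted range.
 * Returns the number of bytes copied, or -1 if the input was rejected. */
int copy_blob_checked(char *dst, size_t dst_cap,
                      const char *src, size_t src_len)
{
    /* src_len must leave room for the NUL terminator: this is the check
     * whose absence turns a long input into a stack overflow. */
    if (dst_cap == 0 || src_len >= dst_cap)
        return -1;

    for (size_t i = 0; i < src_len; i++) {
        if (!in_restricted_range((unsigned char)src[i]))
            return -1;
    }

    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (int)src_len;
}

/* Drives copy_blob_checked with a constructed input of src_len bytes of
 * the same character (0x41, 'A'), which is inside the restricted range.
 * Returns copy_blob_checked's result so the behaviour can be checked. */
int demo_copy(size_t src_len)
{
    char stack_buf[BLOB_MAX];
    char src[256];

    if (src_len > sizeof src)
        return -1;
    memset(src, 'A', sizeof src);
    return copy_blob_checked(stack_buf, sizeof stack_buf, src, src_len);
}

/* Same driver, but with one byte (0x0A, a newline) outside the restricted
 * range placed at the start, so the charset check rejects it. */
int demo_copy_bad_byte(size_t src_len)
{
    char stack_buf[BLOB_MAX];
    char src[256];

    if (src_len == 0 || src_len > sizeof src)
        return -1;
    memset(src, 'A', sizeof src);
    src[0] = '\n';
    return copy_blob_checked(stack_buf, sizeof stack_buf, src, src_len);
}
```

Inputs of up to 63 bytes are accepted; 64 or more are rejected because the buffer also needs space for the terminator, and any byte outside 43..126 is rejected regardless of length.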
The sad thing is how many of these devices, despite being only a year or two old, may only get patched much later or never.

I find it interesting that Google is forcing the ability to update [1] Android watches, cars, and TV boxes by limiting OEM customization. I guess the carrot approach hasn't been working well enough to convince OEMs.

[1] http://arstechnica.com/gadgets/2014/06/android-wear-auto-and-tv-save-you-from-skins-and-oems-from-themselves/