The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
Exploitability: AV:L, AC:L, PR:N, UI:N
Scope: S:U
Impact: C:L, I:N, A:N
CVSS score: 4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N