A two year old issue rumbles on, and Google Android has issued an advisory, and a patch, but, of course, all the Android partners have to issue a fix for it to become secure.

Google has become aware of a rooting application using an unpatched local elevation of privilege vulnerability in the kernel on some Android devices (CVE-2015-1805). For this application to affect a device, the user must first install it. Android Security Advisory: Two-Year Old Linux Kernel Vulnerability [source.android.com]

This issue is rated as a Critical severity issue due to the possibility of a local privilege escalation and arbitrary code execution leading to local permanent device compromise.