In fastrpc_internal_invoke of drivers/misc/fastrpc.c, there is a possible way for user-mode processes to send fastrpc kernel requests due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.