Android debuggerd was recently changed to drop privileges between attaching to a crashed process and dumping it to reduce its attack surface. The following issue allows that mitigation to be bypassed and also allows a privileged attacker (logcat access) to bypass userland ASLR.
e3b26b923b2068794d5d67acba6581a955ecd58983ca2ae7279cff6181fca069