[PATCH 0/1][SRU][D] CVE-2019-1999 - Binder use-after-free
Tyler Hicks
tyhicks at canonical.com
Thu Apr 18 07:07:40 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-1999

 In binder_alloc_free_page of binder_alloc.c, there is a possible double
 free due to improper locking. This could lead to local escalation of
 privilege in the kernel with no additional execution privileges needed.
 User interaction is not needed for exploitation.

Required minor backporting effort. Clean build logs. Tested using the
binderfs_test selftest program which exercises binder allocation.

Tyler

Todd Kjos (1):
  binder: fix race between munmap() and direct reclaim

 drivers/android/binder_alloc.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
--
2.7.4