ACK: [PATCH 0/1][SRU][D] CVE-2019-1999 - Binder use-after-free

Andrea Righi andrea.righi at canonical.com
Thu Apr 18 07:52:33 UTC 2019


On Thu, Apr 18, 2019 at 07:07:40AM +0000, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-1999
> 
>  In binder_alloc_free_page of binder_alloc.c, there is a possible double
>  free due to improper locking. This could lead to local escalation of
>  privilege in the kernel with no additional execution privileges needed.
>  User interaction is not needed for exploitation.
> 
> Required minor backporting effort. Clean build logs. Tested using the
> binderfs_test selftest program which exercises binder allocation.
> 
> Tyler
> 
> Todd Kjos (1):
>   binder: fix race between munmap() and direct reclaim
> 
>  drivers/android/binder_alloc.c | 18 ++++++++----------
>  1 file changed, 8 insertions(+), 10 deletions(-)

Looks good to me!
Acked-by: Andrea Righi <andrea.righi at canonical.com>


