APPLIED: [PATCH 0/1][SRU][D] CVE-2019-1999 - Binder use-after-free
Kleber Souza
kleber.souza at canonical.com
Tue Apr 23 14:55:40 UTC 2019
On 4/18/19 9:07 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-1999
>
> In binder_alloc_free_page of binder_alloc.c, there is a possible double
> free due to improper locking. This could lead to local escalation of
> privilege in the kernel with no additional execution privileges needed.
> User interaction is not needed for exploitation.
>
> Required minor backporting effort. Clean build logs. Tested using the
> binderfs_test selftest program which exercises binder allocation.
>
> Tyler
>
> Todd Kjos (1):
> binder: fix race between munmap() and direct reclaim
>
> drivers/android/binder_alloc.c | 18 ++++++++----------
> 1 file changed, 8 insertions(+), 10 deletions(-)
>
Applied to disco/master-next branch.
Thanks,
Kleber