[PATCH 0/1] [SRU f/linux-oem-5.6] CVE-2020-0423

Tim Gardner tim.gardner at canonical.com
Wed Mar 10 14:23:34 UTC 2021


[Impact]
In binder_release_work of binder.c, there is a possible use-after-free due to
improper locking. This could lead to local escalation of privilege in the
kernel with no additional execution privileges needed. User interaction is
not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-161151868
References: N/A

From the Ubuntu security team:
It was discovered that a race condition existed in the binder IPC implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.

[Test Case]
None

[Potential regression]
This patch has been released in
linux-4.14.y
linux-4.19.y
linux-5.4.y
linux-5.8.y
linux-5.9.y
