[SRU][Bionic][PATCH 0/1] CVE-2021-39714

Cengiz Can cengiz.can at canonical.com
Mon Jun 20 15:51:18 UTC 2022

In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
to an integer overflow. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Android ID: A-205573273

The vulnerable part does not exist in any of the modern kernel versions.

There's also a patchset that removes the functionality altogether but
I decided to cherry-pick this minimal fix from linux-4.14.y instead.

[Test case]
Compile and boot tested with default amd64 config on generic.

[Potential regression]
Unknown but highly unlikely since it's in an Android driver.

Lee Jones (1):
  staging: ion: Prevent incorrect reference counting behavour

 drivers/staging/android/ion/ion.c | 3 +++
 1 file changed, 3 insertions(+)


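For readers who want to see the counter problem behind this CVE rather than just the one-line description, below is an added user-space model of the ion_buffer kmap count. It is my own illustration, not code from ion.c, from the Ubuntu SRU, or from Lee Jones's patch. Assumptions are labelled in the code: the "fixed" variant is modelled on my understanding of the upstream check (refuse another mapping once kmap_cnt is INT_MAX, where the kernel returns ERR_PTR(-EOVERFLOW)); the map/unmap heap ops are replaced by malloc/free stand-ins; and the count is fast-forwarded to INT_MAX by hand instead of issuing that many gets.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model of the ion_buffer kmap count (added example, not ion.c). */
struct ion_buffer {
	int kmap_cnt;   /* ion.c keeps this count in a plain int */
	void *vaddr;    /* the kernel mapping handed to every caller */
};

static void *model_map_kernel(void) { return malloc(4096); }   /* heap->ops->map_kernel() stand-in */
static void model_unmap_kernel(void *vaddr) { free(vaddr); }   /* heap->ops->unmap_kernel() stand-in */

/* The kernel builds with -fno-strict-overflow (signed wrap, not UB); reproduce that wrap in standard C. */
static int wrapping_inc(int v) { return (int)((unsigned int)v + 1u); }

static void *kmap_first(struct ion_buffer *b)
{
	b->vaddr = model_map_kernel();
	if (b->vaddr)
		b->kmap_cnt++;
	return b->vaddr;
}

/* Pre-fix shape of ion_buffer_kmap_get(): the increment is unchecked. */
static void *kmap_get_vuln(struct ion_buffer *b)
{
	if (b->kmap_cnt) {
		b->kmap_cnt = wrapping_inc(b->kmap_cnt);
		return b->vaddr;
	}
	return kmap_first(b);
}

/* Post-fix shape, modelled on the upstream check as I understand it: refuse another mapping
 * at INT_MAX. The kernel returns ERR_PTR(-EOVERFLOW); this model returns NULL and sets *err. */
static void *kmap_get_fixed(struct ion_buffer *b, int *err)
{
	*err = 0;
	if (b->kmap_cnt) {
		if (b->kmap_cnt == INT_MAX) {
			*err = -EOVERFLOW;
			return NULL;
		}
		b->kmap_cnt++;
		return b->vaddr;
	}
	return kmap_first(b);
}

/* ion_buffer_kmap_put(): the mapping is torn down when the count reaches 0. A wrapped count
 * can reach 0 while callers still hold vaddr; that premature unmap is the UAF the CVE describes. */
static void kmap_put(struct ion_buffer *b)
{
	b->kmap_cnt--;
	if (!b->kmap_cnt) {
		model_unmap_kernel(b->vaddr);
		b->vaddr = NULL;
	}
}

struct get_result { int count; bool refused; };

/* One more get against a count fast-forwarded to INT_MAX (assumption: that many gets have
 * already happened; looping 2^31 times would prove nothing more than setting the field). */
static struct get_result overflowing_get(bool fixed)
{
	struct ion_buffer b = {0}; struct get_result r = { 0, false };
	int err = 0; void *p;
	if (!kmap_first(&b)) return r;
	b.kmap_cnt = INT_MAX;
	p = fixed ? kmap_get_fixed(&b, &err) : kmap_get_vuln(&b);
	r.count = b.kmap_cnt;
	r.refused = (p == NULL && err == -EOVERFLOW);
	model_unmap_kernel(b.vaddr);
	return r;
}

/* Balanced use of the fixed get: two gets, two puts, mapping gone exactly at zero. */
static bool fixed_balanced_unmaps(void)
{
	struct ion_buffer b = {0}; int err;
	kmap_get_fixed(&b, &err);
	kmap_get_fixed(&b, &err);
	kmap_put(&b);
	if (!b.vaddr || b.kmap_cnt != 1)
		return false;
	kmap_put(&b);
	return !b.vaddr && b.kmap_cnt == 0;
}

int main(void)
{
	printf("unchecked count after get at INT_MAX: %d\n", overflowing_get(false).count);
	printf("fixed get refused: %d, balanced get/put unmaps: %d\n",
	       overflowing_get(true).refused, fixed_balanced_unmaps());
	return 0;
}
```

The unchecked variant leaves kmap_cnt at INT_MIN after the extra get, so the count no longer says how many callers hold vaddr and the zero test in put() can no longer be trusted; the checked variant keeps the count at INT_MAX and hands the caller an error instead, which is the whole of the three-line fix.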