ACK: [SRU][Bionic][PATCH 0/1] CVE-2021-39714

Tim Gardner tim.gardner at canonical.com
Tue Jun 21 13:10:40 UTC 2022


On 6/20/22 09:51, Cengiz Can wrote:
> [Impact]
> In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
> to an integer overflow. This could lead to local escalation of
> privilege with no additional execution privileges needed. User
> interaction is not needed for exploitation. Android ID: A-205573273
> 
> [Fix]
> Vulnerable part does not exist in any of the modern kernel versions.
> 
> There's also a patchset that removes the functionality alltogether but
> I decided to cherry-pick this minimal fix from linux-4.14.y instead.
> 
> [Test case]
> Compile and boot tested with default amd64 config on generic.
> 
> [Potential regression]
> Unknown but highly unlikely since it's in an Android driver.
> 
> Lee Jones (1):
>    staging: ion: Prevent incorrect reference counting behavour
> 
>   drivers/staging/android/ion/ion.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

-- 
-----------
Tim Gardner
Canonical, Inc



More information about the kernel-team mailing list