ACK: [SRU][Bionic][PATCH 0/1] CVE-2021-39714

Stefan Bader stefan.bader at canonical.com
Fri Jun 24 08:20:58 UTC 2022


On 20.06.22 17:51, Cengiz Can wrote:
> [Impact]
> In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
> to an integer overflow. This could lead to local escalation of
> privilege with no additional execution privileges needed. User
> interaction is not needed for exploitation. Android ID: A-205573273
> 
> [Fix]
> Vulnerable part does not exist in any of the modern kernel versions.
> 
> There's also a patchset that removes the functionality altogether but
> I decided to cherry-pick this minimal fix from linux-4.14.y instead.
> 
> [Test case]
> Compile and boot tested with default amd64 config on generic.
> 
> [Potential regression]
> Unknown but highly unlikely since it's in an Android driver.
> 
> Lee Jones (1):
>    staging: ion: Prevent incorrect reference counting behavour
> 
>   drivers/staging/android/ion/ion.c | 3 +++
>   1 file changed, 3 insertions(+)
> 

Acked-by: Stefan Bader <stefan.bader at canonical.com>