ACK: [SRU][Bionic][PATCH 0/1] CVE-2021-39714
stefan.bader at canonical.com
Fri Jun 24 08:20:58 UTC 2022
On 20.06.22 17:51, Cengiz Can wrote:
> In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
> to an integer overflow. This could lead to local escalation of
> privilege with no additional execution privileges needed. User
> interaction is not needed for exploitation. Android ID: A-205573273
> Vulnerable part does not exist in any of the modern kernel versions.
> There's also a patchset that removes the functionality alltogether but
> I decided to cherry-pick this minimal fix from linux-4.14.y instead.
> [Test case]
> Compile and boot tested with default amd64 config on generic.
> [Potential regression]
> Unknown but highly unlikely since it's in an Android driver.
> Lee Jones (1):
> staging: ion: Prevent incorrect reference counting behavour
> drivers/staging/android/ion/ion.c | 3 +++
> 1 file changed, 3 insertions(+)
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the kernel-team