NACK: [SRU][Bionic][PATCH 0/1] CVE-2021-39714
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Jul 7 21:39:10 UTC 2022
This patch got picked up in a stable update.
- Luke
On Mon, Jun 20, 2022 at 8:52 AM Cengiz Can <cengiz.can at canonical.com> wrote:
> [Impact]
> In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
> to an integer overflow. This could lead to local escalation of
> privilege with no additional execution privileges needed. User
> interaction is not needed for exploitation. Android ID: A-205573273
>
> [Fix]
> Vulnerable part does not exist in any of the modern kernel versions.
>
> There's also a patchset that removes the functionality altogether but
> I decided to cherry-pick this minimal fix from linux-4.14.y instead.
>
> [Test case]
> Compile and boot tested with default amd64 config on generic.
>
> [Potential regression]
> Unknown but highly unlikely since it's in an Android driver.
>
> Lee Jones (1):
> staging: ion: Prevent incorrect reference counting behavour
>
> drivers/staging/android/ion/ion.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> --
> 2.34.1