[SRU][Bionic][PATCH 0/1] CVE-2021-39714
Cengiz Can
cengiz.can at canonical.com
Mon Jun 20 15:51:18 UTC 2022
[Impact]
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
to an integer overflow. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Android ID: A-205573273
[Fix]
The vulnerable part does not exist in any of the modern kernel versions.
There's also a patchset that removes the functionality altogether but
I decided to cherry-pick this minimal fix from linux-4.14.y instead.
[Test case]
Compile and boot tested with default amd64 config on generic.
[Potential regression]
Unknown but highly unlikely since it's in an Android driver.
Lee Jones (1):
  staging: ion: Prevent incorrect reference counting behavour

 drivers/staging/android/ion/ion.c | 3 +++
 1 file changed, 3 insertions(+)
--
2.34.1
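
The bug class named under [Impact], as an added illustration that is not the ion driver's code or the cherry-picked patch: a simplified user-space model of a map reference counter that wraps at INT_MAX, beside a version that rejects the increment. All names (`model_buf`, `map_get_unguarded`, `map_get_guarded`, `map_put`) are hypothetical, and the starting counter values are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Simplified user-space model with hypothetical names; not the ion driver. */
struct model_buf {
    int map_cnt;  /* outstanding map references */
    int mapped;   /* 1 while the backing mapping exists */
};

/* Unguarded get: the count wraps negative at INT_MAX (unsigned math avoids UB). */
static int map_get_unguarded(struct model_buf *b)
{
    if (b->map_cnt == 0)
        b->mapped = 1;
    b->map_cnt = (int)((unsigned int)b->map_cnt + 1u);
    return 0;
}

/* Guarded get: refuse the new reference instead of letting the counter wrap. */
static int map_get_guarded(struct model_buf *b)
{
    if (b->map_cnt == INT_MAX)
        return -EOVERFLOW;
    if (b->map_cnt == 0)
        b->mapped = 1;
    b->map_cnt++;
    return 0;
}

/* Drop one reference; the mapping is torn down when the count reaches zero. */
static void map_put(struct model_buf *b)
{
    if (--b->map_cnt == 0)
        b->mapped = 0;
}

int main(void)
{
    /* Constructed state: both counters already sit at the limit. */
    struct model_buf weak = { INT_MAX, 1 }, fixed = { INT_MAX, 1 };
    int rc;
    map_get_unguarded(&weak);
    printf("unguarded: cnt=%d\n", weak.map_cnt);
    rc = map_get_guarded(&fixed);
    printf("guarded:   rc=%d cnt=%d\n", rc, fixed.map_cnt);
    map_put(&fixed);
    printf("after put: cnt=%d mapped=%d\n", fixed.map_cnt, fixed.mapped);
    return 0;
}
```

In the unguarded model the counter no longer matches the number of holders once it wraps, so the teardown in `map_put` can no longer be trusted to happen only after the last holder is gone.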