ACK: [SRU][Bionic][PATCH 0/1] CVE-2021-39714
Tim Gardner
tim.gardner at canonical.com
Tue Jun 21 13:10:40 UTC 2022
On 6/20/22 09:51, Cengiz Can wrote:
> [Impact]
> In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due
> to an integer overflow. This could lead to local escalation of
> privilege with no additional execution privileges needed. User
> interaction is not needed for exploitation. Android ID: A-205573273
>
> [Fix]
> Vulnerable part does not exist in any of the modern kernel versions.
>
> There's also a patchset that removes the functionality alltogether but
> I decided to cherry-pick this minimal fix from linux-4.14.y instead.
>
> [Test case]
> Compile and boot tested with default amd64 config on generic.
>
> [Potential regression]
> Unknown but highly unlikely since it's in an Android driver.
>
> Lee Jones (1):
> staging: ion: Prevent incorrect reference counting behavour
>
> drivers/staging/android/ion/ion.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list