mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-26 02:39:48 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/android
History
Todd Kjos a4a3c070b8 binder: fix possible UAF when freeing buffer 
commit a370003cc3 upstream.

There is a race between the binder driver cleaning
up a completed transaction via binder_free_transaction()
and a user calling binder_ioctl(BC_FREE_BUFFER) to
release a buffer. It doesn't matter which is first but
they need to be protected against running concurrently
which can result in a UAF.

Signed-off-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-08-04 09:32:01 +02:00
..
binder.c binder: fix possible UAF when freeing buffer 2019-08-04 09:32:01 +02:00
binder_alloc.c binder: fix race between munmap() and direct reclaim 2019-06-09 09:18:20 +02:00
binder_alloc.h binder: fix race that allows malicious free of live buffer 2018-12-05 19:41:26 +01:00
binder_alloc_selftest.c android: binder: Add global lru shrinker to binder 2017-08-28 16:47:17 +02:00
binder_trace.h android: binder: Add shrinker tracepoints 2017-08-28 16:47:17 +02:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile android: binder: Add allocator selftest 2017-08-28 16:47:17 +02:00