5.5
CVE-2021-46935
- EPSS 0.23%
- Veröffentlicht 27.02.2024 10:15:07
- Zuletzt bearbeitet 21.11.2024 06:34:58
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
binder: fix async_free_space accounting for empty parcels
In the Linux kernel, the following vulnerability has been resolved:
binder: fix async_free_space accounting for empty parcels
In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space")
fixed a kernel structure visibility issue. As part of that patch,
sizeof(void *) was used as the buffer size for 0-length data payloads so
the driver could detect abusive clients sending 0-length asynchronous
transactions to a server by enforcing limits on async_free_size.
Unfortunately, on the "free" side, the accounting of async_free_space
did not add the sizeof(void *) back. The result was that up to 8-bytes of
async_free_space were leaked on every async transaction of 8-bytes or
less. These small transactions are uncommon, so this accounting issue
has gone undetected for several years.
The fix is to use "buffer_size" (the allocated buffer size) instead of
"size" (the logical buffer size) when updating the async_free_space
during the free operation. These are the same except for this
corner case of asynchronous transactions with payloads < 8 bytes.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.14.0 < 4.14.261
Linux ≫ Linux Kernel Version >= 4.15.0 < 4.19.224
Linux ≫ Linux Kernel Version >= 4.20.0 < 5.4.170
Linux ≫ Linux Kernel Version >= 5.5.0 < 5.10.90
Linux ≫ Linux Kernel Version >= 5.11.0 < 5.15.13
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.135 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da
https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff
https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4
https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495
https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593
https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901