5.5

CVE-2021-47360

binder: make sure fd closes complete

In the Linux kernel, the following vulnerability has been resolved:

binder: make sure fd closes complete

During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object
cleanup may close 1 or more fds. The close operations are
completed using the task work mechanism -- which means the thread
needs to return to userspace or the file object may never be
dereferenced -- which can lead to hung processes.

Force the binder thread back to userspace if an fd is closed during
BC_FREE_BUFFER handling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.0 < 5.4.150
LinuxLinux Kernel Version >= 5.5 < 5.10.70
LinuxLinux Kernel Version >= 5.11 < 5.14.9
LinuxLinux Kernel Version4.20.1
LinuxLinux Kernel Version5.15 Updaterc1
LinuxLinux Kernel Version5.15 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.16
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d
Patch
https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e
Patch
https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621
Patch
https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7
Patch