Update two issues that need more work to fix in 3.16

author: Ben Hutchings <ben@decadent.org.uk> 2019-11-12 22:04:36 +0000
committer: Ben Hutchings <ben@decadent.org.uk> 2019-11-12 22:04:36 +0000
commit: cc80e1e14dd36e7e8b24e7cf1bac005042a23e4f (patch)
tree: 01e643010c0b0f86c408a999cdef43763c0b06b5 /active/CVE-2019-2213
parent: 01be1555915eea5c107c85ccdd1ee3e6835a1820 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/active/CVE-2019-2213 b/active/CVE-2019-2213
index 48e9e9e4..186d2a62 100644
--- a/active/CVE-2019-2213
+++ b/active/CVE-2019-2213
@@ -2,8 +2,12 @@ Description: binder: fix possible UAF when freeing buffer
 References:
  https://lore.kernel.org/patchwork/patch/1087916/
 Notes:
+ bwh> For branches older than 4.20, the second hunk should be applied
+ bwh> to binder_thread_write() instead of binder_free_buf().
  bwh> For branches older than 4.14, the first hunk should be applied to
  bwh> binder_pop_transaction() instead of binder_free_transaction().
+ bwh> It's not clear how the locking should be done for branches older
+ bwh> than 4.14 though.
 Bugs:
 upstream: released (5.2-rc6) [a370003cc301d4361bae20c9ef615f89bf8d1e8a]
 4.19-upstream-stable: released (4.19.64) [22068d49d09d2b3890e19d7b2048a33340f992da]
author	Ben Hutchings <ben@decadent.org.uk>	2019-11-12 22:04:36 +0000
committer	Ben Hutchings <ben@decadent.org.uk>	2019-11-12 22:04:36 +0000
commit	cc80e1e14dd36e7e8b24e7cf1bac005042a23e4f (patch)
tree	01e643010c0b0f86c408a999cdef43763c0b06b5 /active/CVE-2019-2213
parent	01be1555915eea5c107c85ccdd1ee3e6835a1820 (diff)