blob: 55b84056a218ee5b5e6a69510861be8c0c942272 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: binder: fix possible UAF when freeing buffer
References:
https://lore.kernel.org/patchwork/patch/1087916/
Notes:
bwh> For branches older than 4.20, the second hunk should be applied
bwh> to binder_thread_write() instead of binder_free_buf().
bwh> For branches older than 4.14, the first hunk should be applied to
bwh> binder_pop_transaction() instead of binder_free_transaction().
bwh> It's not clear how the locking should be done for branches older
bwh> than 4.14 though.
Bugs:
upstream: released (5.2-rc6) [a370003cc301d4361bae20c9ef615f89bf8d1e8a]
5.10-upstream-stable: N/A "Fixed before branch point"
4.19-upstream-stable: released (4.19.64) [22068d49d09d2b3890e19d7b2048a33340f992da]
4.9-upstream-stable: needed
3.16-upstream-stable: ignored "not used in Android"
sid: released (5.2.6-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.67-1)
4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "Android drivers not supported"
|
