retired/CVE-2020-0423


1
2
3
4
5
6
7
8
9
10
11
12
13

Description: binder: fix UAF when releasing todo list
References:
 https://lore.kernel.org/lkml/20201009232455.4054810-1-tkjos@google.com/
Notes:
 carnil> For v5.9.y fixed in 5.9.2.
 bwh> Appears to have been introduced by locking changes around 4.14
Bugs:
upstream: released (5.10-rc1) [f3277cbfba763cd2826396521b9296de67cf1bbc]
4.19-upstream-stable: released (4.19.153) [35cc2facc2a5ff52b9aa03f2dc81dcb000d97da3]
4.9-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.9.6-1)
4.19-buster-security: released (4.19.160-1)
4.9-stretch-security: N/A "Vulnerability introduced later"