retired/CVE-2021-46935


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: binder: fix async_free_space accounting for empty parcels
References:
Notes:
 carnil> Introduced in 74310e06be4d ("android: binder: Move buffer out of area shared
 carnil> with user space"). Vulnerable versions: 4.14-rc1.
Bugs:
upstream: released (5.16-rc8) [cfd0d84ba28c18b531648c9d4a35ecca89ad9901]
6.7-upstream-stable: N/A "Fixed before branching point"
6.6-upstream-stable: N/A "Fixed before branching point"
6.1-upstream-stable: N/A "Fixed before branching point"
5.10-upstream-stable: released (5.10.90) [1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4]
4.19-upstream-stable: released (4.19.224) [7c7064402609aeb6fb11be1b4ec10673ff17b593]
sid: released (5.15.15-1)
6.1-bookworm-security: N/A "Fixed before branching point"
5.10-bullseye-security: released (5.10.92-1)
4.19-buster-security: released (4.19.232-1)