Bugzilla – Bug 1197214
VUL-0: CVE-2021-39714: kernel-source-azure,kernel-source-rt,kernel-source: integer overflow leading to use after free in ion.c
Last modified: 2022-03-17 14:45:21 UTC
CVE-2021-39714

In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-205573273

References: Upstream kernel

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39714
https://source.android.com/security/bulletin/pixel/2022-03-01
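The bug class named in the description, a signed reference count that can overflow, is shown below as an added example. It is not code from ion.c or from the upstream fix. The struct, the function names and the starting state are hypothetical, and wraparound is modelled explicitly so the example avoids C undefined behaviour.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for a buffer with a signed map count. */
struct demo_buffer {
    int  map_cnt;   /* number of outstanding mappings */
    bool mapped;    /* true while the backing mapping exists */
};

/* Models two's-complement wraparound without relying on signed overflow. */
static int wrap_inc(int v) { return v == INT_MAX ? INT_MIN : v + 1; }

/* Unchecked get: the count can wrap, so it stops matching the real holders
 * and a later put can reach zero while the mapping is still in use. */
int demo_get_unchecked(struct demo_buffer *b)
{
    if (b->map_cnt == 0)
        b->mapped = true;
    b->map_cnt = wrap_inc(b->map_cnt);
    return 0;
}

/* Checked get: refuse a new reference instead of wrapping. */
int demo_get_checked(struct demo_buffer *b)
{
    if (b->map_cnt == INT_MAX)
        return -EOVERFLOW;
    if (b->map_cnt == 0)
        b->mapped = true;
    b->map_cnt++;
    return 0;
}

/* Put: the mapping is torn down when the count reaches zero. */
void demo_put(struct demo_buffer *b)
{
    if (--b->map_cnt == 0)
        b->mapped = false;
}

int main(void)
{
    struct demo_buffer b = { .map_cnt = INT_MAX, .mapped = true }; /* constructed state */
    int rc = demo_get_checked(&b);
    printf("checked get at INT_MAX: rc=%d count=%d\n", rc, b.map_cnt);
    demo_get_unchecked(&b);
    printf("unchecked get at INT_MAX: count=%d\n", b.map_cnt);
    return 0;
}
```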
This one affects us.

Fixing commit: 16b34e53eaadda6cbb1f0452fd99700c44db23be
Introducing the bug: b892bf75b2034

The fixing commit is only present on master, although the commit introducing the bug is present on the following branches:
- SLE12-SP5
- SLE15-SP3
- SLE15-SP4-GA
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3
- stable
- master

All of these branches except master are affected.
However, it seems to be a very Android-related driver.
ion driver was in drivers/staging/android, and we haven't enabled it in any releases. And this driver got already removed. So we are unaffected. Reassigned back to security team.
(In reply to Takashi Iwai from comment #3)
> ion driver was in drivers/staging/android, and we haven't enabled it in any
> releases. And this driver got already removed. So we are unaffected.
>
> Reassigned back to security team.

Thanks Takashi! Closing