Bugzilla – Bug 1197214
VUL-0: CVE-2021-39714: kernel-source-azure,kernel-source-rt,kernel-source: integer overflow leading to use after free in ion.c
Last modified: 2022-03-17 14:45:21 UTC
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an
integer overflow. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation.
Product: Android
Versions: Android kernel
Android ID: A-205573273
References: Upstream kernel
This one affects us.
Fixing commit: 16b34e53eaadda6cbb1f0452fd99700c44db23be
Introducing the bug: b892bf75b2034
The fixing commit is only present on master, although the commit introducing the bug is present on the following branches:
All of these branches except master are affected.
However, it seems to be a very Android-related driver.
ion driver was in drivers/staging/android, and we haven't enabled it in any releases. And this driver got already removed. So we are unaffected.
Reassigned back to security team.
(In reply to Takashi Iwai from comment #3)
> ion driver was in drivers/staging/android, and we haven't enabled it in any
> releases. And this driver got already removed. So we are unaffected.
> Reassigned back to security team.
Thanks Takashi! Closing