CVE-2022-49939 binder: fix UAF of ref->proc caused by race condition

🗓️ 18 Jun 2025 10:54:40Reported by LinuxType

Fixed use-after-free vulnerability in Linux kernel due to race condition in binder transactions.

Reporter	Title	Published	Views	Family All 18
AstraLinux	Astra Linux - уязвимость в linux-5.10, linux-5.15, linux	3 May 202623:59	–	astralinux
CNNVD	Linux kernel 安全漏洞	18 Jun 202500:00	–	cnnvd
CVE	CVE-2022-49939	18 Jun 202510:54	–	cve
Debian CVE	CVE-2022-49939	18 Jun 202510:54	–	debiancve
EUVD	EUVD-2022-55189	3 Oct 202520:07	–	euvd
NVD	CVE-2022-49939	18 Jun 202511:15	–	nvd
OSV	CVE-2022-49939 binder: fix UAF of ref->proc caused by race condition	18 Jun 202510:54	–	osv
OSV	DEBIAN-CVE-2022-49939	18 Jun 202511:15	–	osv
OSV	UBUNTU-CVE-2022-49939	18 Jun 202511:15	–	osv
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/android/binder.c"
    ],
    "versions": [
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "229f47603dd306bc0eb1a831439adb8e48bb0eae",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "06e5b43ca4dab06a92bf4c2f33766e6fb11b880a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "30d0901b307f27d36b2655fb3048cf31ee0e89c0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "9629f2dfdb1dad294b468038ff8e161e94d0b609",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "c2a4b5dc8fa71af73bab704d0cac42ac39767ed6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "603a47f2ae56bf68288784d3c0a8c5b8e0a827ed",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "372e3147df7016ebeaa372939e8774a1292db558",
        "lessThan": "a0e44c64b6061dda7e00b7c458e4523e2331b739",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/android/binder.c"
    ],
    "versions": [
      {
        "version": "4.14",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.14",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "4.14.293",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "4.19.258",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.4.213",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.10.142",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.15.66",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.19.8",
        "lessThanOrEqual": "5.19.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.0",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/229f47603dd306bc0eb1a831439adb8e48bb0eae
git	www.git.kernel.org/stable/c/30d0901b307f27d36b2655fb3048cf31ee0e89c0
git	www.git.kernel.org/stable/c/9629f2dfdb1dad294b468038ff8e161e94d0b609
git	www.git.kernel.org/stable/c/603a47f2ae56bf68288784d3c0a8c5b8e0a827ed
git	www.git.kernel.org/stable/c/06e5b43ca4dab06a92bf4c2f33766e6fb11b880a
git	www.git.kernel.org/stable/c/a0e44c64b6061dda7e00b7c458e4523e2331b739
git	www.git.kernel.org/stable/c/c2a4b5dc8fa71af73bab704d0cac42ac39767ed6

11 May 2026 19:09Current

EPSS0.0004