CVE-2023-54157

CVE-2023-54157 concerns a Linux kernel Binder use-after-free (UAF) of alloc->vma caused by a race with munmap. The root cause cited across connected documents is that access to alloc->vma in binder_update_page_range() could race with vm_area_free() in munmap due to a previous downgrade of t...

UBUNTU-CVE-2021-46935

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

Android - binder Use-After-Free via fdget() Optimization

This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the wahoo kernel and maybe elsewhere? but at least the android commo...

CVE-2016-6689

Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347...