Use-After-Free Vulnerability in Linux Kernel Binder Module
CVE-2022-50338
What is CVE-2022-50338?
A use-after-free vulnerability was found in the Linux kernel's binder module, primarily affecting the 5.4 and 5.10 stable branches. The issue is a race between binder and memory-management operations: binder assumed that holding the read side of the memory-mapping lock was enough to protect its access to its allocation structures. After an earlier change, the write lock is downgraded to a read lock during unmapping, so binder's read lock no longer excludes the unmap path, and binder can touch memory that the unmap has already freed. This is undefined behavior; the Kernel Address Sanitizer reported it as reads of size 8 from an invalid address. The fix revised the locking so that access to the allocation structures is governed by stricter rules, without notable performance degradation.
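The following is an added, single-threaded model of the locking mistake described above; it is not binder or mm code from the kernel. The names mmap_lock, alloc->vma and alloc_mutex, the step-by-step interleaving, and the use of a "freed" flag in place of an actual freed page are assumptions made for illustration. It shows why a read lock stops protecting a structure once the writer downgrades to a read lock, and how a dedicated lock that both sides take restores the exclusion.

```c
/* Added example (not kernel code): a deterministic model of the bug class
 * behind CVE-2022-50338. mmap_lock, alloc->vma and alloc_mutex are assumed
 * names; the real binder and mm code are considerably more involved. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified reader/writer lock state: one writer or any number of readers. */
struct rwlock { int writer; int readers; };

static int rw_read_trylock(struct rwlock *l) {
    if (l->writer) return 0;      /* a writer holds it exclusively */
    l->readers++;
    return 1;
}
static void rw_read_unlock(struct rwlock *l) { l->readers--; }
static void rw_write_lock(struct rwlock *l) { l->writer = 1; }
static void rw_downgrade(struct rwlock *l) { l->writer = 0; l->readers++; }

/* A region backing an allocation; 'freed' stands in for released pages. */
struct vma { int freed; };

/* The allocator's view of its mapping, plus a dedicated lock for the fix.
 * In this single-threaded model the mutex is just a held/not-held flag. */
struct alloc {
    struct vma *vma;
    int alloc_mutex;
};

static struct rwlock mmap_lock;
static struct vma region;
static struct alloc alloc;

/* Reset shared state between scenarios. */
static void setup(void) {
    memset(&mmap_lock, 0, sizeof mmap_lock);
    region.freed = 0;
    alloc.vma = &region;
    alloc.alloc_mutex = 0;
}

/* The unmapper: takes the write lock, downgrades to read (the earlier change),
 * then releases pages while holding only a read lock. The fixed variant first
 * clears alloc->vma under the allocator's own mutex. */
static void unmap(int fixed) {
    rw_write_lock(&mmap_lock);
    if (fixed) {
        alloc.alloc_mutex = 1;
        alloc.vma = NULL;          /* publish "gone" before anything is freed */
        alloc.alloc_mutex = 0;
    }
    rw_downgrade(&mmap_lock);      /* other readers can now get in */
    region.freed = 1;              /* pages zapped under the read lock */
    /* no read_unlock yet: the reader below runs concurrently with this point */
}

/* The binder side: returns 1 if it touched freed memory, 0 if it bailed out
 * or read valid memory. The vulnerable path relies on mmap_lock alone. */
static int binder_access(int fixed) {
    if (!rw_read_trylock(&mmap_lock))
        return 0;                  /* writer present: would block and retry */
    int uaf = 0;
    if (fixed) {
        alloc.alloc_mutex = 1;
        if (alloc.vma) uaf = alloc.vma->freed;   /* NULL: safely skipped */
        alloc.alloc_mutex = 0;
    } else {
        uaf = alloc.vma->freed;    /* follows a pointer into the freed region */
    }
    rw_read_unlock(&mmap_lock);
    return uaf;
}

/* Interleaving: unmap downgrades and frees, then binder reads. */
static int run_scenario(int fixed) {
    setup();
    unmap(fixed);
    int uaf = binder_access(fixed);
    rw_read_unlock(&mmap_lock);    /* unmapper finally drops its read lock */
    return uaf;
}

/* Before the downgrade existed, the write lock kept binder out entirely. */
static int run_without_downgrade(void) {
    setup();
    rw_write_lock(&mmap_lock);
    return binder_access(0);       /* trylock fails: no access at all */
}

int main(void) {
    printf("write lock held, no downgrade:   uaf=%d\n", run_without_downgrade());
    printf("downgrade, mmap read lock only:  uaf=%d\n", run_scenario(0));
    printf("downgrade, dedicated alloc lock: uaf=%d\n", run_scenario(1));
    return 0;
}
```

The point the model makes is that a read lock only guarantees no concurrent writer; once the unmap path itself becomes a reader, two readers run side by side and one of them is freeing memory the other dereferences. The fix is a lock that both the teardown and the consumer take around the allocation structure, so the consumer sees either a valid mapping or an explicit "gone" marker, never a dangling pointer.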
Affected Version(s)
Linux, from commit dd2283f2605e3b3e9c61bcae844b34f2afa4813f up to (excluding) commit 27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b
Linux 4.20