epoll: Does anyone know about CVE-2021-39634

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've spent a long time and can't figure out the details of the following CVE, can anyone help me?

CVE-2021-39634 [1]
In fs/eventpoll.c, there is a possible use after free.

I have two questions:
1. How does the UAF problem happen?
2. Why it can be fixed by commit f8d4f44df056 ("epoll: do not insert into poll queues until all sanity checks are done") [2]

I'm guessing that patch [3] solved a problem similar to [4], is this correct?

Any feedback would be appreciated, thanks.

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39634
[2] https://www.linuxkernelcves.com/cves/CVE-2021-39634
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f8d4f44df056c5b504b0d49683fb7279218fd207 [4] https://cloudfuzz.github.io/android-kernel-exploitation/chapters/root-cause-analysis.html

--
Wang Hai




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux