CVE-2022-50240

EUVD-2022-55512
In the Linux kernel, the following vulnerability has been resolved:

android: binder: stop saving a pointer to the VMA

Do not record a pointer to a VMA outside of the mmap_lock for later use. 
This is unsafe and there are a number of failure paths *after* the
recorded VMA pointer may be freed during setup.  There is no callback to
the driver to clear the saved pointer from generic mm code.  Furthermore,
the VMA pointer may become stale if any number of VMA operations end up
freeing the VMA so saving it was fragile to being with.

Instead, change the binder_alloc struct to record the start address of the
VMA and use vma_lookup() to get the vma when needed.  Add lockdep
mmap_lock checks on updates to the vma pointer to ensure the lock is held
and depend on that lock for synchronization of readers and writers - which
was already the case anyways, so the smp_wmb()/smp_rmb() was not
necessary.

[akpm@linux-foundation.org: fix drivers/android/binder_alloc_selftest.c]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.224
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.154
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.61
linuxlinux_kernel
5.16 ≤
𝑥
< 5.18.18
linuxlinux_kernel
5.19 ≤
𝑥
< 5.19.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
bpftool-debuginfo
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-debuginfo
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-debuginfo-common-aarch64
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-debuginfo-common-x86_64
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-devel
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-headers
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-libbpf
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-libbpf-devel
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-libbpf-static
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-livepatch-6.1.34-56.100
Amazon Linux 2023
0:1.0-0.amzn2023
fixed
kernel-tools
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-tools-debuginfo
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
kernel-tools-devel
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
perf
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
perf-debuginfo
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
python3-perf
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed
python3-perf-debuginfo
Amazon Linux 2023
0:6.1.34-56.100.amzn2023
fixed