RAVENPLAT 2652: RAVEN - Android Security Bulletin - September 2019-09 - Kernel compon...
author Todd Kjos <tkjos@android.com>
Wed, 24 Apr 2019 19:31:18 +0000 (12:31 -0700)
committer Jianxin Pan <jianxin.pan@amlogic.com>
Wed, 18 Sep 2019 06:30:30 +0000 (23:30 -0700)
commit 25723698d7ed1a983ee4b0b9b39af730de3a1af7
tree 2da052cd0fe770e865d2c1e8b3e78e1a31f0ecd2
parent a87e25478545658b317a3d7cec21620087a0b02d
RAVENPLAT 2652: RAVEN - Android Security Bulletin - September 2019-09 - Kernel components binder driver - CVE-2019-2181 [1/]

PD#OTT-5999

[Problem]
In binder_transaction of binder.c, there is a possible out of bounds
write due to an integer overflow. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction
is needed for exploitation.
The fix is designed to check for the integer overflow.

[Solution]
UPSTREAM: binder: check for overflow when alloc for security context

commit 0b0509508beff65c1d50541861bc0d4973487dc5 upstream.

When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.

Bug: 130571081
Change-Id: Ibaec652d2073491cc426a4a24004a848348316bf
Signed-off-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
drivers/android/binder.c
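
The overflow check the commit message describes, modelled in user space as an added example; it is not the code from drivers/android/binder.c. The function names, the ALIGN8 macro and the sample sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Round n up to a multiple of 8 (models aligning to sizeof(u64)). */
#define ALIGN8(n) (((n) + (size_t)7) & ~(size_t)7)

/* Unchecked form: the sum silently wraps modulo SIZE_MAX + 1. */
static size_t add_secctx_unchecked(size_t extra_buffers_size, uint32_t secctx_sz)
{
    return extra_buffers_size + ALIGN8((size_t)secctx_sz);
}

/* Checked form: 0 and *out = sum on success, -1 if the addition wrapped. */
static int add_secctx_checked(size_t extra_buffers_size, uint32_t secctx_sz,
                              size_t *out)
{
    size_t added = ALIGN8((size_t)secctx_sz);
    size_t sum = extra_buffers_size + added;

    /* After unsigned wraparound the sum is smaller than either operand. */
    if (added < secctx_sz || sum < added)
        return -1;              /* caller fails the transaction */
    *out = sum;
    return 0;
}

int main(void)
{
    /* Constructed inputs: an invalid, near-maximum size and a sane one. */
    size_t sizes[] = { SIZE_MAX - 15, 64 };
    uint32_t secctx_sz = 30;    /* aligns up to 32 */

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        size_t out = 0;
        int rc = add_secctx_checked(sizes[i], secctx_sz, &out);

        printf("extra=%zu unchecked=%zu checked=%s\n", sizes[i],
               add_secctx_unchecked(sizes[i], secctx_sz),
               rc ? "rejected" : "ok");
    }
    return 0;
}
```

For the near-maximum input the unchecked sum comes out as 16, a small and plausible-looking size, which is the case the message means by an overflow turning an invalid size into a valid one.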