CVE-2021-47360

binder: make sure fd closes complete

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

binder: make sure fd closes complete

During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object
cleanup may close 1 or more fds. The close operations are
completed using the task work mechanism -- which means the thread
needs to return to userspace or the file object may never be
dereferenced -- which can lead to hung processes.

Force the binder thread back to userspace if an fd is closed during
BC_FREE_BUFFER handling.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: carpeta: asegúrese de que fd se cierre por completo Durante el procesamiento BC_FREE_BUFFER, la limpieza del objeto BINDER_TYPE_FDA puede cerrar 1 o más fds. Las operaciones de cierre se completan utilizando el mecanismo de trabajo de tareas, lo que significa que el hilo debe regresar al espacio de usuario o es posible que nunca se elimine la referencia al objeto de archivo, lo que puede llevar a procesos bloqueados. Fuerce el hilo de la carpeta a regresar al espacio de usuario si se cierra un fd durante el manejo de BC_FREE_BUFFER.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/80cd795630d6526ba729a089a435bf74a57af927	Vuln. Introduced
https://git.kernel.org/stable/c/27564d8d5d12d2ff197055346069c6bdbe08a8c2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e	2021-09-30
https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7	2021-09-30
https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621	2021-09-30
https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d	2021-09-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.4.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.4.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.10.70 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.10.70"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.14.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.14.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.0 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.20.1 Search vendor "Linux" for product "Linux Kernel" and version "4.20.1"		en		Affected