PT-2020-11589 · Google · Android Kernel

Published: 2020-06-16 · Updated: 2020-06-22 · CVE-2020-0232

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Android kernel

Description: The issue arises from the function abc_pcie_issue_dma_xfer_sync creating a transfer object, adding it to the session object, and then continuing to work with it. A concurrent thread could retrieve the created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger a use-after-free (UAF) when working with the transfer object.

Recommendations: For Android kernel, consider disabling the abc_pcie_issue_dma_xfer_sync function until a patch is available to prevent the UAF issue. Restrict access to the abc_pcie_dma_user_xfer_clean function to minimize the risk of exploitation. Avoid using the abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer functions in concurrent threads until the issue is resolved.
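The lifetime rule that closes the race in the description, as an added example that is not the driver's code or its actual patch: the issuing path takes its own reference before the transfer becomes reachable through the session, so a concurrent clean only drops the session's reference. All names are hypothetical, the interleaving is replayed sequentially in userspace, and a kernel version would assume a kref with the session lock held around the list operations.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the pattern; every name here is hypothetical. */
struct xfer { int refs; int id; };
struct session { struct xfer *slot; };  /* stands in for the session's transfer list */
static int frees;                       /* number of transfers released so far */

static void xfer_put(struct xfer *x)
{
    if (--x->refs == 0) { frees++; free(x); }
}

/* Create a transfer and publish it. Both references exist before the object
 * is reachable from the session, so clean can never drop the last one early. */
static struct xfer *issue_create(struct session *s, int id)
{
    struct xfer *x = malloc(sizeof(*x));
    if (!x) return NULL;
    x->id = id;
    x->refs = 2;          /* one for the session, one for the issuing thread */
    s->slot = x;
    return x;
}

/* The concurrent clean path: unlink from the session, drop the session's ref. */
static int user_clean(struct session *s, int id)
{
    struct xfer *x = s->slot;
    if (!x || x->id != id) return -1;   /* already cleaned or unknown id */
    s->slot = NULL;
    xfer_put(x);
    return 0;
}

/* Replays the interleaving: create, clean from the other thread, start/wait. */
static int replay_race(void)
{
    struct session s = { 0 };
    frees = 0;
    struct xfer *x = issue_create(&s, 7);
    if (!x) return -1;
    user_clean(&s, 7);            /* other thread deletes the transfer */
    int alive = (frees == 0);     /* issuer's reference still pins the object */
    int id = x->id;               /* start/wait would touch the object here */
    xfer_put(x);                  /* issuer done: last reference, freed now */
    return alive && id == 7 && frees == 1 && s.slot == NULL;
}

int main(void) { printf("survived clean: %d\n", replay_race()); return 0; }
```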

Fix

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2020-0232

Affected Products

Android Kernel