PT-2023-9102 · Linux+5 · Linux Kernel+5
Carlos Llamas · Published 2023-12-05 · Updated 2025-09-29 · CVE-2023-52438
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.0-rc5
Description
The issue is a use-after-free vulnerability in the binder driver's shrinker callback. The mmap read lock is used during the shrinker's callback, which can lead to a race condition with munmap(). This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability was confirmed by a KASAN report, which showed a slab-use-after-free in zap_page_range_single.
Recommendations
To resolve this issue, perform a vma_lookup() instead, which will fail to find the vma that was isolated before the mmap lock downgrade. This option has better performance than upgrading to a mmap write lock, which would increase contention. Additionally, mmap_write_trylock() has been recently removed.
Note: The provided information does not specify the exact version that contains the fix for this vulnerability. Therefore, it is recommended to update to the latest version of the Linux kernel to ensure you have the latest security patches.
Exploit
Fix
Race Condition
Use After Free
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu