PT-2024-1001 · Linux+4 · Linux Kernel+4
Carlos Llamas · Published 2024-04-11 · Updated 2025-12-23 · CVE-2024-26926
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the binder component in the Linux kernel, where a vulnerability has been resolved by checking offset alignment in the binder_get_object() function. This check was unintentionally removed due to changes in how binder objects are copied, specifically with the introduction of commit 6d98eb95b450. The removal of the offset alignment check could lead to complications when unwinding objects. The vulnerability is related to a use-after-free issue in binder_alloc_copy_to_buffer of binder.c, which could result in arbitrary code execution and local escalation of privilege in the kernel. The exploitation of this vulnerability does not require additional execution privileges or user interaction. It involves crafting a malicious binder object with misaligned offsets and sending it through IPC, allowing the object to bypass alignment validation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
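The offset alignment check named in the Description, shown as an added userspace C model of the "before" and "after" validation; it is not kernel code and not part of the original entry. The function names, MAX_OBJECT_SIZE, the 4-byte alignment unit, the 64-byte buffer and the sample offsets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_OBJECT_SIZE 40u   /* hypothetical largest object, in bytes */

/* Hypothetical stand-in for an object header: a 32-bit type tag. */
struct obj_header { uint32_t type; };

/* Bytes readable at `offset`, or 0 to reject. Bounds only, no alignment ("before"). */
static size_t read_size_unchecked(size_t data_size, uint64_t offset)
{
    if (offset > data_size)
        return 0;
    size_t remaining = data_size - (size_t)offset;
    if (remaining < sizeof(struct obj_header))
        return 0;
    return remaining < MAX_OBJECT_SIZE ? remaining : MAX_OBJECT_SIZE;
}

/* Same bounds logic plus the alignment check ("after"); 4-byte unit is assumed. */
static size_t read_size_checked(size_t data_size, uint64_t offset)
{
    if (offset % sizeof(uint32_t) != 0)
        return 0;
    return read_size_unchecked(data_size, offset);
}

/* Count offsets that pass the bounds checks and are stopped only by alignment. */
static size_t misaligned_accepted(size_t data_size, const uint64_t *offs, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (read_size_unchecked(data_size, offs[i]) &&
            !read_size_checked(data_size, offs[i]))
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed sample offsets into a 64-byte buffer. */
    const uint64_t offs[] = { 0, 8, 6, 60, 62, 100 };
    for (size_t i = 0; i < sizeof(offs) / sizeof(offs[0]); i++)
        printf("offset %3llu: before=%zu after=%zu\n", (unsigned long long)offs[i],
               read_size_unchecked(64, offs[i]), read_size_checked(64, offs[i]));
    return 0;
}
```

Offset 6 is the case the bounds checks alone let through: it is inside the buffer with room for a header, so only the alignment test rejects it.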
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu