CVE-2023-52609

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises from a race condition between mmput() and do exit() in the Linux kernel. When Task A calls binder update page range() to allocate and insert pages on a remote address space from Task B, it pins the remote mm via mmget not zero() first. This can race with Task B's do exit() and the final mmput() refcount decrement will come from Task A. As a result, the work of fput() from Task B is queued up in Task A as TWA RESUME. However, Task A instead sleeps, waiting for a reply from Task B that never comes, causing binder deferred release() to be blocked until an unrelated binder event forces Task A to go back to userspace. All associated death notifications are also delayed until then.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.