PT-2024-36860 · Linux · Linux Kernel

Published: 2024-10-13 · Updated: 2025-04-01 · CVE-2024-56556

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

A use-after-free vulnerability has been identified in the Linux kernel, specifically in the binder_add_freeze_work() function. This issue arises when the proc->inner_lock is temporarily dropped to acquire the node->lock, allowing a race condition with binder_node_release() that can trigger a use-after-free. The vulnerability is related to the binder subsystem and can be exploited by malicious actors.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the use-after-free vulnerability in binder_add_freeze_work(). As a temporary workaround, consider restricting access to the binder subsystem to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Race Condition

Weakness Enumeration

Related Identifiers

ASB-A-380855429
BDU:2025-07230
CVE-2024-56556

Affected Products

Linux Kernel