PT-2025-25865 · Linux+1 · Linux Kernel+1
Published: 2022-08-18 · Updated: 2025-06-19 · CVE-2022-49939
CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.19.0-rc8
Description
A use-after-free bug has been identified in the binder component of the Linux kernel. It arises from a race condition in which a transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the reference for a node, leading to a dangling pointer. The bug occurs when the target process is dying in parallel with the call to binder_deferred_release(), so the cleanup of the new failed reference is left unhandled. This can cause a use-after-free when attempting to take a spin lock on the released process.
Recommendations
For Linux kernel versions prior to 5.19.0-rc8, update to a version that includes the fix for the use-after-free bug in the binder component. As a temporary workaround, consider disabling the binder_deferred_func function until a patch is available. Restrict access to the binder component to minimize the risk of exploitation. Avoid using the BINDER_TYPE_WEAK_HANDLE transaction type in the affected binder component until the issue is resolved.
Exploit
Fix
Use After Free
Race Condition
Related Identifiers
Affected Products
Astra Linux
Linux Kernel