CVE-2022-49947

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc1-next-20220819-syzkaller

Description A null-ptr dereference issue has been resolved in the Linux kernel. The issue occurred when a binder proc received a transaction without having previously called mmap() to setup the binder proc->alloc space. This could happen when attempting to acquire the mmap lock when alloc->vma vm mm has not been initialized yet. The issue was reported by Syzbot and was introduced by a commit that added missing mmap lock calls when using the VMA. The fix involves setting up the alloc->vma vm mm pointer during open() and caching directly from current->mm to guarantee a valid reference to take the mmap lock.

Recommendations For Linux kernel versions prior to 6.0.0-rc1-next-20220819-syzkaller, the issue can be resolved by applying the fix that sets up the alloc->vma vm mm pointer during open() and caches directly from current->mm. As a temporary workaround, consider restricting access to the vulnerable binder alloc new buf locked function until a patch is available.