CVE-2022-50240

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.150-00001-gdc8dcf942daa

Description A use-after-free (UAF) vulnerability exists within the binder component of the Linux kernel. The vulnerability occurs due to a race condition between binder update page range() and vm area free() in munmap(), potentially leading to memory corruption. Specifically, accesses to alloc->vma within binder update page range() can race with the freeing of the vma in munmap(), resulting in a UAF condition. This issue is specific to stable kernel branches 5.4 and 5.10. Newer kernel releases have been refactored to avoid this issue by using vma lookup() instead of caching a pointer to the vma.

Recommendations Update to a kernel version newer than 5.10.150-00001-gdc8dcf942daa.