PT-2025-53234 · Linux+1 · Linux Kernel+1
Published: 2023-05-20 · Updated: 2026-03-14
CVE-2023-54157
CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.10.150-00001-gdc8dcf942daa
Description
The Linux kernel contained a use-after-free condition within the binder component. Specifically, a race condition between munmap and binder_update_page_range could lead to a use-after-free (UAF) when accessing alloc->vma. This occurred because a change in how mmap_lock was handled after detaching a VMA in munmap allowed vm_area_free to proceed with only a read lock, creating a window where accesses to alloc->vma in binder_update_page_range could race with the VMA being freed. The issue was identified through KASAN tracing, which revealed a read of freed memory in vm_insert_page. The fix involves reverting to taking the mmap write lock inside binder_update_page_range to prevent the race condition.
Recommendations
Upgrade to Linux kernel version 5.10.150-00001-gdc8dcf942daa or a later version that includes the fix.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linux Kernel