* epoll: Does anyone know about CVE-2021-39634
@ 2022-03-10 15:16 wanghai (M)
0 siblings, 0 replies; only message in thread
From: wanghai (M) @ 2022-03-10 15:16 UTC (permalink / raw)
To: viro, maz, jbaron, akpm, khazhy, kaleshsingh, dbueso
Cc: linux-kernel, linux-fsdevel
I've spent a long time and can't figure out the details of the following
CVE, can anyone help me?
CVE-2021-39634 [1]
In fs/eventpoll.c, there is a possible use after free.
I have two questions:
1. How does the UAF problem happen?
2. Why it can be fixed by commit f8d4f44df056 ("epoll: do not insert
into poll queues until all sanity checks are done") [2]
I'm guessing that patch [3] solved a problem similar to [4], is this
correct?
Any feedback would be appreciated, thanks.
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39634
[2] https://www.linuxkernelcves.com/cves/CVE-2021-39634
[3]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f8d4f44df056c5b504b0d49683fb7279218fd207
[4]
https://cloudfuzz.github.io/android-kernel-exploitation/chapters/root-cause-analysis.html
--
Wang Hai
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-03-10 15:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-10 15:16 epoll: Does anyone know about CVE-2021-39634 wanghai (M)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).