CVE - CVE-2021-46935

CVE-ID
CVE-2021-46935	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: binder: fix async_free_space accounting for empty parcels In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void ) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size. Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void ) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years. The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da URL:https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da MISC:https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff URL:https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff MISC:https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4 URL:https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4 MISC:https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495 URL:https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495 MISC:https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593 URL:https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593 MISC:https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901 URL:https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901
Assigning CNA
kernel.org
Date Record Created
20240225	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240225)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)