Twitter
Grant Hernandez
I wonder how long CVE-2019-2215 has been exploitable. Trying to read through the kernel sources to figure out if there was a specific date. I notice that earlier kernels called `binder_free_thread` instead of `binder_thread_release`.
Grant Hernandez Oct 18
Replying to @Digital_Cold
That patch set did a major refactor of binder from a single global lock to incorporate more fine-grained locking (performance reasons). It's possible that binder was free from most cross-thread races before this and the epoll race window was missed during the refactor.