@Digital_Cold
I wonder how long CVE-2019-2215 has been exploitable. Trying to read through the kernel sources to figure out if there was a specific date. I notice that earlier kernels called `binder_free_thread` instead of `binder_thread_release`. lore.kernel.org/patchwork/patc…
|
Grant Hernandez
@Digital_Cold
18. lis
That patch set did a major refactor of binder from a single global lock to incorporate more fine-grained locking (performance reasons). It's possible that binder was free from most cross-thread races before this and the epoll race window was missed during the refactor.