CVE-2024-56555
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-56555: A vulnerability has been identified and resolved in the Linux kernel's binder subsystem. The issue lies in the function binder_add_freeze_work(), which drops proc->inner_lock in order to acquire node->lock. While the lock is dropped, binder_deferred_release() can remove nodes from proc->nodes and add them to binder_dead_nodes before the iteration in binder_add_freeze_work() is complete. As a result, rb_next() uses data from binder_dead_nodes, leading to an out-of-bounds access. This vulnerability was identified during a kernel address sanitizer scan and affects version 6.11.0 and later. The affected code uses a union of the rb_node and hlist_node structures in binder_node, so the two entries share storage, which is what allows the race condition to corrupt the iteration. The issue has been rectified by checking whether the proc is still alive before proceeding with the iteration.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX