Information disclosure in Linux kernel binder
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-46935 |
| CWE-ID | CWE-668 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Exposure of Resource to Wrong Sphere
EUVDB-ID: #VU89263
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46935
CWE-ID:
CWE-668 - Exposure of resource to wrong sphere
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the binder_free_buf_locked() function in drivers/android/binder_alloc.c. A local user can gain access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: before 4.14.261
External linkshttp://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495
http://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593
http://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da
http://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4
http://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff
http://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
