0day-RCAs/2021/CVE-2021-1048.md
1 - # CVE-2021-1048: refcount increment on mid-destruction file 1 + # CVE-2021-1048: Android kernel refcount increment on mid-destruction file 2 2 *Jann Horn* 3 3 4 4 ## The Basics 5 + 6 + **NOTE: The original vulnerability was in the Linux kernel, but in-the-wild 7 + exploitation was only seen on Android-based devices, which run Android-specific 8 + kernel forks** 5 9 6 10 **Disclosure or Patch Date:** it's complicated (but the Android bulletin is from 6 November 2021) 7 11 skipped 24 lines 32 36 - upstream: 5.9-rc4, 5.8.8, 5.4.64, 4.19.144, 4.14.197, 4.9.236, 4.4.236 33 37 - Android devices: SPL 2021-11-06 or lower (see "context of bug" section for explanation) 34 38 35 - **Issue/Bug Report:** unknown 39 + **Issue/Bug Report (upstream Linux):** https://lore.kernel.org/linux-fsdevel/[email protected] /T/#u 40 + 41 + **Issue/Bug Report (Android devices):** unknown 36 42 37 43 **Patch CL:** https://git.kernel.org/linus/77f4689de17c 38 44 39 45 **Bug-Introducing CL:** https://git.kernel.org/linus/a9ed4a6560b8 (bugfix for another memory corruption) 40 46 41 - **Reporter(s):** unknown 47 + **Reporter(s) (upstream Linux):** syzbot/syzkaller 48 + 49 + **Reporter(s) (Android devices):** unknown 42 50 43 51 ## The Code 44 52 skipped 155 lines
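Review bot: In the first hunk, the new title scopes the bug to "Android kernel" while the NOTE added just below it says the original vulnerability was in the Linux kernel, so a reader who sees only the title will take this for an Android-only flaw. Consider wording the title so both facts survive, for example by naming the Linux kernel as the affected component and Android as where exploitation was seen. The bold NOTE sentence also has no closing period before the `**`.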
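Review bot: In the second hunk, "Issue/Bug Report" and "Reporter(s)" are each split into "(upstream Linux)" and "(Android devices)" entries, but the unchanged "Patch CL" and "Bug-Introducing CL" fields stay unlabelled even though both point at git.kernel.org/linus commits. Labelling those two as upstream as well, or adding an "(Android devices): unknown" counterpart, would keep the header consistent. Separately, the lore.kernel.org link in the new "Issue/Bug Report (upstream Linux)" line shows "[email protected]" in place of the message ID, followed by a space before "/T/#u", in this rendering; please confirm that the committed Markdown carries the full message ID and that the link resolves.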