STRLCPY/0days-in-the-wild

CVE-2021-1048: fix title, add details

Eric Biggers pointed out that there was a bug report by syzkaller that lead
to the upstream fix.

While I'm at it, also fix up the title, so that the product name is visible
in the overview table.

Change-Id: If2505b47bdb5b84753911906e7f73200409856d1

Jann Horn committed with Maddie Stone 2 years ago

fdc74de0

1 parent a75e7bc3

Total 1 files

■ ■ ■ ■ ■ ■

0day-RCAs/2021/CVE-2021-1048.md

1		-	# CVE-2021-1048: refcount increment on mid-destruction file
	1	+	# CVE-2021-1048: Android kernel refcount increment on mid-destruction file
2	2		Jann Horn
3	3
4	4		## The Basics
	5	+
	6	+	**NOTE: The original vulnerability was in the Linux kernel, but in-the-wild
	7	+	exploitation was only seen on Android-based devices, which run Android-specific
	8	+	kernel forks**
5	9
6	10		Disclosure or Patch Date: it's complicated (but the Android bulletin is from 6 November 2021)
7	11
		skipped 24 lines
32	36		- upstream: 5.9-rc4, 5.8.8, 5.4.64, 4.19.144, 4.14.197, 4.9.236, 4.4.236
33	37		- Android devices: SPL 2021-11-06 or lower (see "context of bug" section for explanation)
34	38
35		-	Issue/Bug Report: unknown
	39	+	Issue/Bug Report (upstream Linux): https://lore.kernel.org/linux-fsdevel/[email protected]/T/#u
	40	+
	41	+	Issue/Bug Report (Android devices): unknown
36	42
37	43		Patch CL: https://git.kernel.org/linus/77f4689de17c
38	44
39	45		Bug-Introducing CL: https://git.kernel.org/linus/a9ed4a6560b8 (bugfix for another memory corruption)
40	46
41		-	Reporter(s): unknown
	47	+	Reporter(s) (upstream Linux): syzbot/syzkaller
	48	+
	49	+	Reporter(s) (Android devices): unknown
42	50
43	51		## The Code
44	52
		skipped 155 lines