The vulnerability CVE-2021-47360 resides in the binder driver of the Linux kernel, specifically in the `binder.c` file. The issue arises during the processing of `BC_FREE_BUFFER`, where the cleanup of `BINDER_TYPE_FDA` objects may close one or more file descriptors (fds). These close operations are performed through the task work mechanism, which only runs when the thread returns to userspace. If the thread does not return to userspace, the file object is never dereferenced (its reference is never dropped), which can leave processes hung.
To mitigate this issue, the fix forces the binder thread to return to userspace if an fd is closed during `BC_FREE_BUFFER` handling. This ensures that the close operations are completed properly, preventing potential process hangs.
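As an added illustration that is neither part of this advisory nor the kernel's own code, the following userspace C model reproduces the mechanism described above: closes queued as task work run only when the ioctl returns to userspace, and setting the thread's `looper_need_return` flag (named after the binder flag the fix sets) is what forces that return. The struct, the `*_sim` functions and `run_scenario` are constructed stand-ins; the behaviour is verified on a real pipe fd.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <unistd.h>
/* Constructed model of a binder thread and its task_work queue (not kernel code). */
struct binder_thread_sim {
    bool looper_need_return; /* binder's "leave the ioctl early" flag */
    int deferred[16];        /* stand-in for the thread's task_work list */
    int ndeferred;
};
/* Stand-in for binder_deferred_fd_close(): the close is only queued here. */
static void binder_deferred_fd_close_sim(struct binder_thread_sim *t, int fd, bool apply_fix)
{
    t->deferred[t->ndeferred++] = fd;
    if (apply_fix)
        t->looper_need_return = true; /* what the CVE-2021-47360 fix adds */
}
/* Stand-in for task_work_run(), which the kernel runs on return to userspace. */
static void task_work_run_sim(struct binder_thread_sim *t)
{
    for (int i = 0; i < t->ndeferred; i++)
        close(t->deferred[i]);
    t->ndeferred = 0;
}
/* One BINDER_WRITE_READ ioctl: BC_FREE_BUFFER on a buffer whose fd array holds
 * nfds fds, then the read half waits for work. Returns true if the ioctl gets back
 * to userspace (so the queued closes run), false if it would have slept instead. */
static bool binder_ioctl_sim(struct binder_thread_sim *t, const int *fda, int nfds, bool apply_fix)
{
    for (int i = 0; i < nfds; i++)
        binder_deferred_fd_close_sim(t, fda[i], apply_fix);
    if (!t->looper_need_return)
        return false; /* nothing forces a return: the closes never happen */
    t->looper_need_return = false;
    task_work_run_sim(t);
    return true;
}
/* Runs the scenario on a fresh pipe's read end; true if that fd really closed. */
static bool run_scenario(bool apply_fix)
{
    int p[2];
    if (pipe(p) != 0) return false;
    struct binder_thread_sim t = { 0 };
    bool returned = binder_ioctl_sim(&t, &p[0], 1, apply_fix);
    bool closed = fcntl(p[0], F_GETFD) == -1 && errno == EBADF;
    if (!returned) task_work_run_sim(&t); /* drain so the model does not leak */
    close(p[1]);
    return closed;
}
```

`run_scenario(false)` models the unfixed driver, where the fd stays open because the thread never returned; `run_scenario(true)` models the fix, where the forced return lets the queued close complete.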
The vulnerability was introduced in kernel version 5.0 with commit `80cd795630d6` and has been fixed in subsequent kernel versions, including 5.4.150, 5.10.70, 5.14.9, and 5.15. The Linux kernel CVE team recommends updating to the latest stable kernel version, which resolves this issue along with other bug fixes. Individual changes should not be cherry-picked: they are part of a larger kernel release and may not have been tested in isolation.