On Fri, Nov 9, 2018 at 4:32 AM Greg KH wrote:
>
> On Tue, Nov 06, 2018 at 03:55:32PM -0800, Todd Kjos wrote:
> > Malicious code can attempt to free buffers using the
> > BC_FREE_BUFFER ioctl to binder. There are protections
> > against a user freeing a buffer while in use by the
> > kernel, howeve
On Tue, Nov 06, 2018 at 03:55:32PM -0800, Todd Kjos wrote:
> Malicious code can attempt to free buffers using the
> BC_FREE_BUFFER ioctl to binder. There are protections
> against a user freeing a buffer while in use by the
> kernel, however there was a window where BC_FREE_BUFFER
> could be used t
Malicious code can attempt to free buffers using the
BC_FREE_BUFFER ioctl to binder. There are protections
against a user freeing a buffer while in use by the
kernel, however there was a window where BC_FREE_BUFFER
could be used to free a recently allocated buffer that
was not completely initialize
