
The quantum state of Linux kernel garbage collection (Project Zero)

source link: https://lwn.net/Articles/904472/


[Posted August 11, 2022 by corbet]

The Project Zero blog has posted a detailed look at CVE-2021-0920 in the first of a two-part series on how this bug created a vulnerability that was subsequently exploited.

Google's Threat Analysis Group (TAG) discovered Samsung browser exploit chains being used in the wild. TAG then performed root cause analysis and discovered that this vulnerability, CVE-2021-0920, was being used to escape the sandbox and elevate privileges. CVE-2021-0920 was reported to Linux/Android anonymously. The Google Android Security Team performed the full deep-dive analysis of the exploit.

This issue was initially discovered in 2016 by a Red Hat kernel developer and disclosed in a public email thread, but the Linux kernel community did not patch the issue until it was re-reported in 2021.

