I've spent a long time and can't figure out the details of the following
CVE, can anyone help me?
CVE-2021-39634 [1]
In fs/eventpoll.c, there is a possible use after free.
I have two questions:
1. How does the UAF problem happen?
2. Why it can be fixed by commit f8d4f44df056 ("epoll: do not insert
into poll queues until all sanity checks are done") [2]
I'm guessing that patch [3] solved a problem similar to [4], is this
correct?
Any feedback would be appreciated, thanks.
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39634
[2] https://www.linuxkernelcves.com/cves/CVE-2021-39634
[3]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f8d4f44df056c5b504b0d49683fb7279218fd207
[4]
https://cloudfuzz.github.io/android-kernel-exploitation/chapters/root-cause-analysis.html
--
Wang Hai