A race condition was discovered in the Android binder driver, that could lead to incorrect security checks. On systems where the binder driver is loaded, a local user could exploit this for privilege escalation. References and upstream patches: https://source.android.com/security/bulletin/2022-03-01 https://android.googlesource.com/kernel/common/+/d49297739550 https://android.googlesource.com/kernel/common/+/3af7a2f61023 https://android.googlesource.com/kernel/common/+/11db2de0af2a https://android.googlesource.com/kernel/common/+/a4eacf3227bd
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2063220]
This was fixed for Fedora with the 5.14.18 stable kernel updates.
There was no source built with CONFIG_ANDROID_BINDER_IPC option in any of the shipped RHEL kernel versions.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-39686