The syzbot tool found a race condition in the network scheduling subsystem which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation.

References and upstream patches:
https://source.android.com/security/bulletin/pixel/2022-03-01
https://android.googlesource.com/kernel/common/+/e368fdb61d8e7
https://android.googlesource.com/kernel/common/+/9d7e82cec35c0
https://android.googlesource.com/kernel/common/+/3a7d0d07a3867
https://android.googlesource.com/kernel/common/+/86bd446b5cebd
https://android.googlesource.com/kernel/common/+/6f99528e97977
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2063237]
These fixes went upstream in 4.20 and were addressed in Fedora with the 4.20.x kernel rebases.