In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel Reference: https://source.android.com/security/bulletin/pixel/2022-12-01 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4caae58406f8ceb741603eee460d79bacca9b1b5
This issue was fixed in upstream in version 5.19. The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata: kernel in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7683 kernel-rt in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7444 kernel in Red Hat Enterprise Linux 9 https://access.redhat.com/errata/RHSA-2022:8267 kernel-rt in Red Hat Enterprise Linux 9 https://access.redhat.com/errata/RHSA-2022:7933