CVE-2024-26926

binder: check offset alignment in binder_get_object()

References

https://cve.org/CVERecord/?id=CVE-2024-26926

Notes

 carnil> Introduced in 6d98eb95b450 ("binder: avoid potential data leakage when copying
 carnil> txn"). Vulnerable versions: 5.4.226 5.10.157 5.15.17 5.16.3 5.17-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.216) [48a1f83ca9c68518b1a783c62e6a8223144fa9fc]
6.1-bookworm-security	released (6.1.90-1)
6.1-upstream-stable	released (6.1.88) [a6d2a8b211c874971ee4cf3ddd167408177f6e76]
6.6-upstream-stable	released (6.6.29) [1d7f1049035b2060342f11eff957cf567d810bdc]
6.8-upstream-stable	released (6.8.8) [f01d6619045704d78613b14e2e0420bfdb7f1c15]
sid	needed
upstream	released (6.9-rc5) [aaef73821a3b0194a01bd23ca77774f704a04d40]