CVE-2024-26926
Published: Apr 24, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c056a6ba35e00ae943e377eb09abd77a6915b31a - < 68a28f551e4690db2b27b3db716c7395f6fada12affected 23e9d815fad84c1bee3742a8de4bd39510435362 - < 48a1f83ca9c68518b1a783c62e6a8223144fa9fcaffected 7a9ad4aceb0226b391c9d3b8e4ac2e7d438b6bde - < a2fd6dbc98be1105a1d8e9e31575da8873ef115caffected 6d98eb95b450a75adb4516a1d33652dc78d2b20c - < a6d2a8b211c874971ee4cf3ddd167408177f6e76affected 6d98eb95b450a75adb4516a1d33652dc78d2b20c - < 1d7f1049035b2060342f11eff957cf567d810bdc+7 more versions |
Linux | Linux | affected 5.17unaffected 0 - < 5.17unaffected 5.4.275 - <= 5.4.*unaffected 5.10.216 - <= 5.10.*unaffected 5.15.157 - <= 5.15.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now