The quantum state of Linux kernel garbage collection (Project Zero)
The Project Zero blog has posted a detailed look at CVE-2021-0920 in the first of a two-part series on how this bug created a vulnerability that was subsequently exploited.
Google's Threat Analysis Group (TAG) discovered Samsung browser exploit chains being used in the wild. TAG then performed root cause analysis and discovered that this vulnerability, CVE-2021-0920, was being used to escape the sandbox and elevate privileges. CVE-2021-0920 was reported to Linux/Android anonymously. The Google Android Security Team performed the full deep-dive analysis of the exploit. This issue was initially discovered in 2016 by a Red Hat kernel developer and disclosed in a public email thread, but the Linux kernel community did not patch the issue until it was re-reported in 2021.