CVE-2023-54005

Vulnerability

In the Linux kernel's binder driver, the binder_init() function fails to properly clean up the binder_alloc_shrinker_init() allocation when an error occurs an error later in the initialization path. This missing deallocation causes a memory leak [1].

Exploitation

The vulnerability is triggered during system boot when the binder module is initialized. No special privileges or user interaction are required; the leak occurs automatically on any system that loads the binder driver (common in Android environments). An attacker with local access could potentially force repeated module loads to accelerate memory exhaustion.

Impact

Over time, the unreleased memory accumulates, leading to gradual system memory pressure and potential denial of service. The leak is limited to the initialization phase, but repeated module loading (if possible) could exacerbate the issue.

Mitigation

The fix introduces binder_alloc_shrinker_exit() and calls it on the error path in binder_init() [1]. Patches have been applied to stable kernel trees [2][3][4]. Users should update to a kernel containing the fix.