The binder driver use-after-free vulnerability is a kernel privilege escalation bug potentially affecting Zebra devices running the Android 8.1 (Oreo) operating system. Other operating systems are either not impacted or have already addressed the vulnerability.
As reported by Maddie Stone from the Android security team:
In the upstream commit: “binder_poll() passes the thread->wait waitqueue that can be slept on for work. When a thread that uses epoll explicitly exits using BINDER_THREAD_EXIT, the waitqueue is freed, but it is never removed from the corresponding epoll data structure. When the process subsequently exits, the epoll cleanup code tries to access the waitlist, which results in a use-after-free.”
Control of the kernel, or root access, can also lead to an "exploit chain", in which malicious actors use additional exploits to collect information from the device.
While the vulnerability is rated High, it requires installation of a compromised application for exploitation to occur. Zebra encourages customers to lock down device capabilities to prevent installation of compromised applications.
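The lifetime error described in the quoted commit text, reduced to a user-space model: this is an added example, not code from the advisory or from the kernel, and the access to freed memory is reported rather than performed. All struct and function names are hypothetical; `unlink_first = 1` shows the general remedy of detaching the poller before the queue is freed.

```c
#include <stdlib.h>

/* Constructed user-space model; every name here is hypothetical. */
struct wait_queue { int waiters; };      /* stands in for thread->wait */
struct poller {                          /* stands in for the epoll side */
    struct wait_queue *watched;
    int registered;                      /* still linked to 'watched'? */
};
struct thread {
    struct wait_queue *wait;
    int wait_freed;                      /* bookkeeping for the model only */
};

/* Poll path: the poller links itself onto the thread's wait queue. */
static void model_poll(struct thread *t, struct poller *p) {
    p->watched = t->wait;
    p->registered = 1;
    t->wait->waiters++;
}

/* Thread exit. unlink_first = 0 models the flaw: the queue is freed while
 * the poller still references it. unlink_first = 1 detaches it first. */
static void model_thread_exit(struct thread *t, struct poller *p, int unlink_first) {
    if (unlink_first && p->registered) {
        t->wait->waiters--;
        p->watched = NULL;
        p->registered = 0;
    }
    free(t->wait);
    t->wait = NULL;
    t->wait_freed = 1;
}

/* Process-exit cleanup on the poller side. Returns 1 if it would touch
 * freed memory (reported, never dereferenced), 0 if cleanup is safe. */
static int model_poller_cleanup(struct thread *t, struct poller *p) {
    if (!p->registered) return 0;        /* already detached */
    if (t->wait_freed) return 1;         /* dangling reference */
    p->watched->waiters--;
    p->watched = NULL;
    p->registered = 0;
    return 0;
}

/* Runs poll, thread exit, then cleanup; returns the cleanup verdict. */
int run_scenario(int unlink_first) {
    struct thread t = { malloc(sizeof(struct wait_queue)), 0 };
    struct poller p = { NULL, 0 };
    if (!t.wait) return -1;
    t.wait->waiters = 0;
    model_poll(&t, &p);
    model_thread_exit(&t, &p, unlink_first);
    return model_poller_cleanup(&t, &p);
}

int main(void) { return (run_scenario(0) == 1 && run_scenario(1) == 0) ? 0 : 1; }
```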