The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)

ID: 62bb543e-2872-5819-9a69-8956729f87b0

STIX ID: report--62bb543e-2872-5819-9a69-8956729f87b0

Feed Name: Google Project Zero

Threat Score: 88/100

Date Published: 2022-08-10

Date Updated: 2026-04-27

Author: Google Project Zero

This guest blog provides a technical root-cause analysis of CVE-2021-0920, a use-after-free in the Linux SCM_RIGHTS garbage-collection path exploited via a race condition when recvmsg(MSG_PEEK) is not synchronized with garbage collection. The report documents in-the-wild exploitation by a surveillance vendor (Wintego) from at least November 2020 through November 2021, chaining the kernel exploit with Chrome/Samsung browser bugs to remotely root Samsung devices (S10/S20), and outlines how the kernel garbage collector and fixes (August/November 2021 patches) address the issue.