In futex_setup_timer and related functions of futex.c, there is a possible way to corrupt kernel memory due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"function_hash": "282028673913705372080548951146152483629",
"length": 365.0
},
"target": {
"function": "get_futex_key_refs",
"file": "kernel/futex.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-060c2605"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"225841678817929804105344848207817203727",
"241936174136776133829250901711474255239",
"83691230565593305391621373308776520282",
"317408987809827657721927393510666747361"
]
},
"target": {
"file": "include/linux/fs.h"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-0b1e0cfa"
},
{
"digest": {
"function_hash": "256967322258109938079540545875429673376",
"length": 358.0
},
"target": {
"function": "drop_futex_key_refs",
"file": "kernel/futex.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-3b71fe5f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"230744971195401288130627191547954842823",
"211127357769710341211336505123840086203",
"223896465548815511929732416192874484212",
"195211789378707427530363712531941152443",
"27213064731481272809241883819707334080",
"202404361305839365860301863658895764391",
"83822538963803172961150238880216516888",
"135422197697941568751249559187827700582",
"101870871030793852761589874639816271120",
"123884775452490913074377838750592379955",
"146732311113055482652018525674129277052",
"114952950682114127151436562538516442992",
"251856903832989451948821676129667668721",
"9640809441899830722058250453081542185",
"306014243791964214160361273551987327733",
"114643466419988552477100819623107863030",
"189133146165400672977871200733128576001",
"319648815059471282394804370335203257405",
"23947681010449533293521396795715034199",
"172029134429723997899540937363532015349",
"267576497048180801712971195444989451561",
"192751111435224228590908869342281583875",
"281794845464170717671969943442942908295",
"317774558663308463005369364169594256402",
"284910707618624202955147741024928021517",
"137152916533273283007371937256895584705",
"14440142934350694891750584554079577740",
"284824107555072767724379551301905605227",
"53089509811906778133369099335059308795",
"212586052990105367349220776620889644803",
"325653622803805233355656729939045730833",
"314382843384342374749507079552120999213",
"260923458147121407760795272648310252665",
"60069556135846207280891853717944915510"
]
},
"target": {
"file": "kernel/futex.c"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-6fd116f8"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"111452198812326913730550942143857210815",
"87766513542484278407272696616802886018",
"15484196665771149059508317911677159500",
"90228417295428278250578187220276270997",
"147712307941903208843395870608426226108",
"212706926981469402678408146791062140167",
"276926196982029909468235867557785073289",
"224688884671022097837423789854950299692",
"220310317394217939780448604728947110652",
"105245571931909190354756280054953557774",
"131019882807181507805285072110519253213",
"265681283274407437668067939032827246681",
"250196792535479318812781168825484490889",
"112855155136791911856029834773871273206",
"287995816502077079244322662322416315840",
"43819587969497763002331070427534702921",
"3837322148247977244258777468079800650",
"32874732896297290009978364591559677067",
"150853477666196706619459834561079105242"
]
},
"target": {
"file": "include/linux/futex.h"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-7a153f5d"
},
{
"digest": {
"function_hash": "224703122958689725050710268330769074607",
"length": 1949.0
},
"target": {
"function": "get_futex_key",
"file": "kernel/futex.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-8353b085"
},
{
"digest": {
"function_hash": "217181746816137931412715083531560112179",
"length": 1992.0
},
"target": {
"function": "inode_init_always",
"file": "fs/inode.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-f31063e4"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"260187947260637658878704936142273918549",
"322288179877911543514123641936100429501",
"339597281592852085992351917251310976998",
"76123908760051706359067459854941600762"
]
},
"target": {
"file": "fs/inode.c"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254",
"signature_version": "v1",
"id": "ASB-A-175193031-f6e75b95"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/8019ad13ef7f64be44d4f892af9c840179009254"
],
"spl": "2021-08-05"
}