PUB-A-190876666

See a problem?

Import Source

https://storage.googleapis.com/android-osv-test/PUB-A-190876666.json

JSON Data

https://api.test.osv.dev/v1/vulns/PUB-A-190876666

Aliases

A-190876666
CVE-2021-3490

Published

2021-10-01T00:00:00Z

Modified

2025-08-06T16:29:06.385449Z

Summary

[none]

Details

In scalar32minmax_and and related functions of verifier.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name: :linux_kernel:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2021-10-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "Moderate",
    "spl": "2021-10-05",
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "268499432086453695461947937618132504191",
                    "28815938530547566872089506784012690491",
                    "190249717404772973009232995727446553294",
                    "892011757368294255456249402586808",
                    "169157662988703443093812581696368870495",
                    "164990137553000868715299285382475257910",
                    "274206896470356226171965700578067493898",
                    "221821354740958865665602509088646630295",
                    "24494322262459022987948695924122194094",
                    "52159526969827808443106630344937546106",
                    "31150567897263568674238775655651999062",
                    "145625396532889948601410605337963483547",
                    "225831300382367568389693673335474818463",
                    "215280045947733659077807428387251882948",
                    "86066530608005036843640802640091308736",
                    "207113241709726354256977052671213352080",
                    "273868692051937357954194199866523804351",
                    "241128842217725226294423682710901380641"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "PUB-A-190876666-a169f7fe",
            "target": {
                "file": "kernel/bpf/verifier.c"
            },
            "source": "https://android.googlesource.com/kernel/common/+/049c4e13714ecbca567b4d5f6d563f05d431c80e",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "142109818106845907477021006749781667817",
                "length": 576.0
            },
            "signature_type": "Function",
            "id": "PUB-A-190876666-a2f0260c",
            "target": {
                "file": "kernel/bpf/verifier.c",
                "function": "scalar32_min_max_xor"
            },
            "source": "https://android.googlesource.com/kernel/common/+/049c4e13714ecbca567b4d5f6d563f05d431c80e",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "299568570170953130355747991110553210298",
                "length": 641.0
            },
            "signature_type": "Function",
            "id": "PUB-A-190876666-db89051d",
            "target": {
                "file": "kernel/bpf/verifier.c",
                "function": "scalar32_min_max_or"
            },
            "source": "https://android.googlesource.com/kernel/common/+/049c4e13714ecbca567b4d5f6d563f05d431c80e",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "179472125740756203902497080671537141265",
                "length": 628.0
            },
            "signature_type": "Function",
            "id": "PUB-A-190876666-f40bb38e",
            "target": {
                "file": "kernel/bpf/verifier.c",
                "function": "scalar32_min_max_and"
            },
            "source": "https://android.googlesource.com/kernel/common/+/049c4e13714ecbca567b4d5f6d563f05d431c80e",
            "deprecated": false,
            "signature_version": "v1"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/049c4e13714ecbca567b4d5f6d563f05d431c80e"
    ]
}