ASB-A-175451844
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-175451844.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-175451844
- Aliases
-
- A-175451844
- CVE-2020-29660
- Published
- 2021-10-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
In several functions of tty_io.c and related files, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
],
"vanir_signatures": [
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"file": "drivers/tty/tty_io.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"180228680283374369989413483916025289913",
"308095095407607036140062560232566252757",
"124701444752169089570609347670136209690",
"250993402050866239795564199876443996523",
"98994193204391955053393349409132430588",
"8443003566027127269106625924906014867",
"273877747184941300959998598527992062084",
"129620973704786672057741442708663792363",
"168889036708998593075019533223311381796",
"15042649993839020582269144173174097084",
"80079680006326966291492259105597076901"
]
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-175451844-03124b6d"
},
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"function": "disassociate_ctty",
"file": "drivers/tty/tty_jobctrl.c"
},
"deprecated": false,
"digest": {
"function_hash": "46403272369286472446383904293111349540",
"length": 1295.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-175451844-0c344bf8"
},
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"function": "__proc_set_tty",
"file": "drivers/tty/tty_jobctrl.c"
},
"deprecated": false,
"digest": {
"function_hash": "33292448399326925234316101472245772704",
"length": 628.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-175451844-0c9e6c24"
},
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"file": "drivers/tty/tty_jobctrl.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"172647275850244123068926011950751363919",
"256013172192984139596932178943032631347",
"105937977990904179039567374719643005194",
"181456681277628433445730867829711976893",
"215960641960715695878074827306571297364",
"88568373431601013831164685396964796079",
"224421072961504934542008399770113916813",
"281768756558694835633614791555677621039",
"42720794122607861497283950267809472515",
"120394842235307112663645829479025812416",
"47270671121601337324257131727742065646",
"325608570018195816140129203439501034617",
"45883112463596946632297263689445712785",
"114810691279895185819851876826568612767",
"112257623719119217987521011253491414482",
"300648615351241321883704097818922568729",
"94691952771512473906549803669087169234",
"199769680556394980418754563158913758518",
"335763448128501009314061075499685348692",
"102425998200056111098618301803540172584",
"296459709960035483359750305190811215941",
"91847565752232093508738322644005111305",
"140243395643430909671349865952183783961",
"279229834851771365040298731087519495379",
"184885002117734542012469610129714802845",
"30230991828470014703941396959726214311",
"259302701780771174669192810821421211123",
"79655522187762922118322191270818657298",
"121696461656370062132013529725484192130",
"298178070601149766663705120145262128563",
"233404181447883959285784600711479470561",
"250253426506645472466638278808530325518",
"178684367323773797223172307460827936114",
"107960420887835893931775884290089031897",
"322991136220046015984089790324125781887",
"303174030707301652555076115195485908890",
"87392038734971738532553322798949667760",
"170396420592324612029374006974202916582",
"340057293138642444658392102369641455601",
"57569170850854654386666384984575603305",
"94170689697896871542269597350692703374",
"251159339448140494997133946955144825062",
"78177858559818117342202973719307617608",
"233598370501082444955162355122638476329",
"148272808823891799036091646904029511201",
"59934727570702112309813050204909442816",
"265853501255866054394270602871306233241",
"303510411391993781086937077848811706665",
"219713477441612074933219153882823446885"
]
},
"signature_type": "Line",
"signature_version": "v1",
"id": "ASB-A-175451844-624840c4"
},
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"function": "__do_SAK",
"file": "drivers/tty/tty_io.c"
},
"deprecated": false,
"digest": {
"function_hash": "110152949807816591880024261468598283165",
"length": 1184.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-175451844-6642841d"
},
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"function": "tiocgsid",
"file": "drivers/tty/tty_jobctrl.c"
},
"deprecated": false,
"digest": {
"function_hash": "74317975915546414177100903485982673494",
"length": 258.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-175451844-89e40695"
},
{
"source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
"target": {
"function": "tiocspgrp",
"file": "drivers/tty/tty_jobctrl.c"
},
"deprecated": false,
"digest": {
"function_hash": "10819461503779731792939548977694799307",
"length": 778.0
},
"signature_type": "Function",
"signature_version": "v1",
"id": "ASB-A-175451844-ba7aa7a2"
}
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2021-10-05"
}