In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "severity": "High", "vanir_signatures": [ { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_kmap" }, "digest": { "length": 140.0, "function_hash": "195722673925640084422639295770002943679" }, "id": "ASB-A-187527909-01ef34db", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/212b4d3a42674d2cf366bd7b06fe9faae03477fc" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_begin_cpu_access" }, "digest": { "length": 547.0, "function_hash": "206986148096211544774683689508135943114" }, "id": "ASB-A-187527909-063d4953", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/212b4d3a42674d2cf366bd7b06fe9faae03477fc" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_kunmap" }, "digest": { "length": 82.0, "function_hash": "79144228208000238018888053655216394992" }, "id": "ASB-A-187527909-3d1903c7", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/212b4d3a42674d2cf366bd7b06fe9faae03477fc" }, { "target": { "file": "drivers/staging/android/ion/ion.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "249066358212834938455699761282448994289", "20539578648483390193254553333611045840", "179827726437456651862908069688118492924", "141924015733948418092293078709681042194", "201383086444203568358868236678414741286", "199179549797925746716130769304692276826", "272749708760699128860878562267988890970", "328611238461427159647883359070054812754", "26379492449315299543773821901290637950", "87748561920922140561019492040327874758", "123139554986949890370608192767506906260", "179589109739324398892959199539908895597", "140724013028973520856705260361510888523", "311675942543205862959059086820418550006", 
"227795386900371493919055165185538554573", "122816833480875909443058159044879512967", "223814426961684436997919770410743789866", "300121931082677979237573013968843293065", "99444145125501789453600676534860892610", "322551413266926498670118701667354961732", "74657148691207119022321290584698411202", "13035350975208685226916018784322178998", "300849771573467467085021907923491562741", "206652248698350734872624716743243647805", "240620953083056499157559761684150322217", "228158986422014112655128979674540962633", "283720778263577005111775633912806337088", "207409003962267234561808209840035404172", "20543453959087720706928167862484543581", "234361410497323445719891510685748233784", "324387833057816560324127729605731928639", "12380181803741549776230239134902745970", "94484516819600914086009351733026683992", "70836429685911043427356410719038222975", "18440571022710281444460301295351708271", "30535394582456113944654485549145066553", "310587365513022314660535116801663066891", "106830770056973632698873989061600847922", "119650311747799964613110607960508756821", "315059257946452342655651623700721860274", "240620953083056499157559761684150322217", "256528861691967744126007768399871008988" ] }, "id": "ASB-A-187527909-4eac53ec", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/212b4d3a42674d2cf366bd7b06fe9faae03477fc" }, { "target": { "file": "drivers/staging/android/ion/ion.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "20539578648483390193254553333611045840", "179827726437456651862908069688118492924", "141924015733948418092293078709681042194", "201383086444203568358868236678414741286", "199179549797925746716130769304692276826", "272749708760699128860878562267988890970", "328611238461427159647883359070054812754", "26379492449315299543773821901290637950", "87748561920922140561019492040327874758", "123139554986949890370608192767506906260", "179589109739324398892959199539908895597", 
"304652337720050164297849595829195174209", "2869413381275438192100814402431886298", "61173940554359686478136935444809693946", "169939571894549799541037552877774257481", "92032639136845184183630528414765456022", "311840568926776812105905800735386925975", "285798419134526528177016118313386285216", "81283162952904338844942573996900798196", "332962348319238577089509578116413115825", "227532210184372226064926865815847763853", "285198221363417626812300892254568574399", "91328405192470282273182549813103350920", "40350109271116563202989601009302828958", "73102241089764686719020238700644366141", "261774766109168544841284018642366024770", "179463440854547221879389424988064664954", "58766440765417026370477270401165094476", "22284501533912241901444231234067331727", "15593368031883230974436237524692518568", "255149162919565264933919935990407318245" ] }, "id": "ASB-A-187527909-7d4b0233", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/41a097c0ed6658bf451c5cf993ab0469eb1ce4a5" }, { "target": { "file": "drivers/staging/android/ion/ion.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "249066358212834938455699761282448994289", "20539578648483390193254553333611045840", "179827726437456651862908069688118492924", "141924015733948418092293078709681042194", "201383086444203568358868236678414741286", "199179549797925746716130769304692276826", "272749708760699128860878562267988890970", "328611238461427159647883359070054812754", "26379492449315299543773821901290637950", "87748561920922140561019492040327874758", "123139554986949890370608192767506906260", "179589109739324398892959199539908895597", "140724013028973520856705260361510888523", "285127917829498100531280737645706141567", "49977028685299000808399082565838405821", "23306396583429076204133994731715266219", "10694916061325204482358480496522048950", "183182280864486344065236301147278090068", "81416369757700405355343746647194616763", 
"240620953083056499157559761684150322217", "228158986422014112655128979674540962633", "18440571022710281444460301295351708271", "30535394582456113944654485549145066553", "310587365513022314660535116801663066891", "106830770056973632698873989061600847922", "119650311747799964613110607960508756821", "315059257946452342655651623700721860274", "240620953083056499157559761684150322217", "256528861691967744126007768399871008988" ] }, "id": "ASB-A-187527909-86c5ce17", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/6c5bc69f722cb5e2fe47196ee8f1aabe6498f8a7" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_kunmap" }, "digest": { "length": 82.0, "function_hash": "79144228208000238018888053655216394992" }, "id": "ASB-A-187527909-89ef6419", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/6c5bc69f722cb5e2fe47196ee8f1aabe6498f8a7" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_end_cpu_access" }, "digest": { "length": 433.0, "function_hash": "221181389610908007706986932706211803173" }, "id": "ASB-A-187527909-9433b2a4", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/6c5bc69f722cb5e2fe47196ee8f1aabe6498f8a7" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_end_cpu_access" }, "digest": { "length": 433.0, "function_hash": "221181389610908007706986932706211803173" }, "id": "ASB-A-187527909-9ae8164f", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/212b4d3a42674d2cf366bd7b06fe9faae03477fc" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_kmap" }, "digest": { "length": 140.0, 
"function_hash": "195722673925640084422639295770002943679" }, "id": "ASB-A-187527909-a22c372a", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/6c5bc69f722cb5e2fe47196ee8f1aabe6498f8a7" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_end_cpu_access" }, "digest": { "length": 175.0, "function_hash": "3702876559923310251683982687950384747" }, "id": "ASB-A-187527909-a3e26957", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/41a097c0ed6658bf451c5cf993ab0469eb1ce4a5" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_kmap" }, "digest": { "length": 140.0, "function_hash": "195722673925640084422639295770002943679" }, "id": "ASB-A-187527909-c67f9035", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/41a097c0ed6658bf451c5cf993ab0469eb1ce4a5" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_begin_cpu_access" }, "digest": { "length": 352.0, "function_hash": "244437003841789933818856825649858393399" }, "id": "ASB-A-187527909-ce7df260", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/41a097c0ed6658bf451c5cf993ab0469eb1ce4a5" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": "ion_dma_buf_begin_cpu_access" }, "digest": { "length": 453.0, "function_hash": "177554255729869525319371519669016808214" }, "id": "ASB-A-187527909-e1312e30", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/6c5bc69f722cb5e2fe47196ee8f1aabe6498f8a7" }, { "target": { "file": "drivers/staging/android/ion/ion.c", "function": 
"ion_dma_buf_kunmap" }, "digest": { "length": 82.0, "function_hash": "79144228208000238018888053655216394992" }, "id": "ASB-A-187527909-fbbb9e83", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/41a097c0ed6658bf451c5cf993ab0469eb1ce4a5" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/41a097c0ed6658bf451c5cf993ab0469eb1ce4a5", "https://android.googlesource.com/kernel/common/+/6c5bc69f722cb5e2fe47196ee8f1aabe6498f8a7", "https://android.googlesource.com/kernel/common/+/212b4d3a42674d2cf366bd7b06fe9faae03477fc" ], "spl": "2021-11-05", "types": [ "EoP" ] }