PUB-A-120612905
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/PUB-A-120612905.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-120612905
- Aliases
-
- A-120612905
- CVE-2021-39636
- Published
- 2021-12-01T00:00:00Z
- Modified
- 2024-09-19T16:27:31.584052Z
- Summary
- [netfilter: information leak can be used to bypass KASLR]
- Details
-
In doiptgetctl and doiptsetctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2021-12-01
- https://android.googlesource.com/kernel/common/+/8a1b3c7bd71ef1e7a4537216858dbe7d13eec6ed
- https://android.googlesource.com/kernel/common/+/d104670ce30b9f910f39fbaad3ec59f87fa43468
- https://android.googlesource.com/kernel/common/+/bb5bc03a5056b4b22f00b7333c42c861b83ef19f
- https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a
- https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"243270046460988781684894538181980176893",
"114232880425015277288579487471268225456",
"142489722287237365355980341136411154430",
"334173574046043772092491021620971019282"
]
},
"id": "PUB-A-120612905-0db5b911",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_rateest.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"219094913715399720969729480259549028331",
"85497001955086388962958101719378169070",
"284907326311386364131889835492751321471",
"34862267564521047297822091567580116212"
]
},
"id": "PUB-A-120612905-0ee8d763",
"source": "https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_nfacct.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1402.0,
"function_hash": "312910821722899490347916970429396227803"
},
"id": "PUB-A-120612905-1d27d917",
"source": "https://android.googlesource.com/kernel/common/+/d104670ce30b9f910f39fbaad3ec59f87fa43468",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv4/netfilter/ip_tables.c",
"function": "copy_entries_to_user"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"92134237336564707963936518953509050832",
"80562760092222268162514069482395641333",
"104548275558251994515081381550772402312",
"285098636756622164626841817891017847852"
]
},
"id": "PUB-A-120612905-23c484e0",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/bridge/netfilter/ebt_limit.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"169358653405769060465705850770554965815",
"187174610044304749280613163978868754669",
"260096969598357753551654636746029065713",
"69918988924929258887797716946445783527",
"219126862821812169878265724209961839313",
"191592032877287715090858625274498544590",
"336397255482414101738945152197692780587",
"69918988924929258887797716946445783527"
]
},
"id": "PUB-A-120612905-2690556e",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_TEE.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"97947237015027342416714764071345444207",
"279070881242308989178332136949892386672",
"130536481518332403006720334327756684574",
"325501306388439768303726222284626203824",
"227105158094164955334920321715828067648",
"289161172293693534546513413715683133981"
]
},
"id": "PUB-A-120612905-2df7224f",
"source": "https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_limit.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"200384740237580949823352715037728381681",
"94119677492443589173704564275887164520",
"13583244695466276647964982870779855906",
"303472592017332922220303946712023674154"
]
},
"id": "PUB-A-120612905-2eb2cc26",
"source": "https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_IDLETIMER.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"237026302779510665045172093544242953363",
"292292258179418740679890998331668773447",
"29910248418895382284363506189771309165",
"292856707546673250585589388726883900270",
"17683472217303183984075869877724706823",
"94386116655139035800606635290902009532",
"129835070131660831331089481715057590363",
"322320362657220965688269598738738640505",
"62655329057913932286687099827898209234",
"187686808347035286553980132834621303048",
"60712120755268478816567391363650009264",
"46312986875132179738747741169636236356",
"79836261281012996280695581416138825991",
"84066393475927168823896254441536329955",
"209810092212214429797063406599519263002",
"186299859426668019497769345204568941955",
"153914006908639488567737032311701295293",
"161064173476771506157057949341539874367",
"56049078649909542560964754966219169709",
"113062916782309755984513775381381933185",
"89177586385455231961967151293515950181",
"65044710857048251582444127804199635418",
"303693700526804902420018106202749139907",
"160878417829073402597504972810843443288",
"163330325487694457595812552299005943740",
"103965421145721158486813622676467575259",
"198524589535048296916374972125616993468",
"126907963301864914880813590220683156219",
"194426445689599313550892787973796936523",
"11828824233422009220127699256989713653"
]
},
"id": "PUB-A-120612905-3a82baf4",
"source": "https://android.googlesource.com/kernel/common/+/bb5bc03a5056b4b22f00b7333c42c861b83ef19f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"153281411301896278022949672428022094175",
"102845278306459707098254281653184665561",
"139329412944708538793510544949587874939",
"35386404860336113306798568236009136849"
]
},
"id": "PUB-A-120612905-406cc1ea",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_connlimit.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"329755293507373039659950392022644288566",
"128528394652386325606052334812129439723",
"283111377586156005513924787727240503945",
"92966166119545222766312807765127405934",
"333828756407123976975778667266787480242",
"221540725714792205737966930800904155695",
"126167191370964571028911421522704823875",
"236065746885327639510964723155368360598",
"102877161449778873663143115282196167700",
"69588917442223956762617862494514240006",
"91463743905086642256451478987625540936"
]
},
"id": "PUB-A-120612905-43f46ac5",
"source": "https://android.googlesource.com/kernel/common/+/8a1b3c7bd71ef1e7a4537216858dbe7d13eec6ed",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/linux/netfilter/x_tables.h"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"25780180820805937916436873676718021775",
"125372475358694141901542059448375053135",
"68523546705080850564093800000300448088",
"75325436411342604429810169433327046579"
]
},
"id": "PUB-A-120612905-61afcd1f",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_string.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"239194033720954651280399154861678520940",
"339890387752579184515625168536018233857",
"144596244917152641182716834534806175779",
"36055187307764904710502421192756035488"
]
},
"id": "PUB-A-120612905-630b4609",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_quota.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"266462376060649908265687264070810506956",
"131737918223958501654907424643258081495",
"281846790433579805453891348535754516924",
"143068539061898744109585547729142300034"
]
},
"id": "PUB-A-120612905-737b8f9a",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_RATEEST.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"325262913569407104972114101212162628041",
"48054987991820096847336329184509910992",
"175112299218292965310466293338264644532",
"13876697100223159223120323611236856578"
]
},
"id": "PUB-A-120612905-82e514c9",
"source": "https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_LED.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"339909876211553500365532510506408484900",
"154987134065369154900910721992078080344",
"166360764902909465154561370549785088412",
"57380532314251135318751455807586075752",
"189530922414341753435463922140530063323",
"336785455071003768524079936101983690605",
"210205228448279092570283529866114843360",
"222367437040208728029643422620315743906"
]
},
"id": "PUB-A-120612905-95d4bd38",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_bpf.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"225694219464203467085154830169743803998",
"92916559648574153406418634668964988176",
"82992188878013317004382388081680788928",
"115560530113900395513571186483341880502"
]
},
"id": "PUB-A-120612905-981f5702",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_cgroup.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"246730752812815456669837657759060234936",
"158044432870876133130208772265871701797",
"233255662055584181308513463928771655881",
"159712144278167101927567091961251686521",
"236180311322795033974785974239652488675",
"216202709296963414435966815041813569189",
"37336804422190223252446909773999335032",
"161010788845886064718653115308860477519",
"67109255534682875059807306505627405916",
"275307728307626985590467780431659486690",
"233255662055584181308513463928771655881",
"159712144278167101927567091961251686521",
"255443923596446170134635784913813301901",
"212037870651628057728715791402496930456",
"37336804422190223252446909773999335032",
"161010788845886064718653115308860477519"
]
},
"id": "PUB-A-120612905-a6f11236",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_hashlimit.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"232527285965712328960082153362938482289",
"76014827994540789083174002791360185579",
"60126762704251951986013317346895728808"
]
},
"id": "PUB-A-120612905-b2dd7bd1",
"source": "https://android.googlesource.com/kernel/common/+/8a1b3c7bd71ef1e7a4537216858dbe7d13eec6ed",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/x_tables.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"155881274902064298703288791090457692324",
"125747187229837554507349188465893806038",
"109120303669981510454137980459767559937",
"22837292268963209841860687249549325280",
"163997576006874147898589261142780381474",
"2845859520616684468878892553272500147",
"155024963705068375611057229377373696371",
"267255575076087843258130267353809640649"
]
},
"id": "PUB-A-120612905-bbbec5ac",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv6/netfilter/ip6t_NPT.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1402.0,
"function_hash": "312910821722899490347916970429396227803"
},
"id": "PUB-A-120612905-c25ddedb",
"source": "https://android.googlesource.com/kernel/common/+/bb5bc03a5056b4b22f00b7333c42c861b83ef19f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv6/netfilter/ip6_tables.c",
"function": "copy_entries_to_user"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"35249742127594710774580186487404441077",
"121609652769737417514155023761085626748",
"33766712404861566168245520614356035582",
"119956220242814241949193535372885502867",
"27170934710909330453508847042829674281",
"192729066628331942982830326528093415068",
"164088291413265077881141342878651882810",
"44042697220297797333426725962243093806",
"35638803388178810653520912759256336043",
"64536790327600778744702282514603807184",
"1744710584967618126911396060631896658",
"92523437337589927699548855710907196422"
]
},
"id": "PUB-A-120612905-c3936176",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_CT.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"197055753870031739469264339783460482979",
"160821036433910140017477955700979920193",
"152994087407866596678467787764041719147",
"216991884424802965140759241427171708339"
]
},
"id": "PUB-A-120612905-c5847170",
"source": "https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_statistic.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"285546999671338833248948664997216715138",
"23667477731470781187989880947294520314",
"251578032814269300017363658860210594106",
"88003581168460741413085089080187085254"
]
},
"id": "PUB-A-120612905-cbec4252",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv4/netfilter/ipt_CLUSTERIP.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"237026302779510665045172093544242953363",
"292292258179418740679890998331668773447",
"29910248418895382284363506189771309165",
"292856707546673250585589388726883900270",
"17683472217303183984075869877724706823",
"94386116655139035800606635290902009532",
"129835070131660831331089481715057590363",
"51905824596423571427736088461984732635",
"105137589724435182635575387766451066469",
"190536728615278195631803715580140140358",
"90289353727123684467052763813683321461",
"46312986875132179738747741169636236356",
"79836261281012996280695581416138825991",
"84066393475927168823896254441536329955",
"209810092212214429797063406599519263002",
"186299859426668019497769345204568941955",
"153914006908639488567737032311701295293",
"161064173476771506157057949341539874367",
"56049078649909542560964754966219169709",
"113062916782309755984513775381381933185",
"89177586385455231961967151293515950181",
"41908817282934220122580046722798960807",
"7582554924805965799739425539747489191",
"218937491568996871294881452541913812557",
"74750236153866834384192750154137622282",
"103965421145721158486813622676467575259",
"198524589535048296916374972125616993468",
"126907963301864914880813590220683156219",
"194426445689599313550892787973796936523",
"11828824233422009220127699256989713653"
]
},
"id": "PUB-A-120612905-cf95ac99",
"source": "https://android.googlesource.com/kernel/common/+/d104670ce30b9f910f39fbaad3ec59f87fa43468",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"213731108938639611679344334105205843555",
"17995968776386813088635905116622258129",
"6774933488141407685841346962649172829",
"189457415722155542331412480444807470966"
]
},
"id": "PUB-A-120612905-e17a77e0",
"source": "https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/xt_limit.c"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/8a1b3c7bd71ef1e7a4537216858dbe7d13eec6ed",
"https://android.googlesource.com/kernel/common/+/d104670ce30b9f910f39fbaad3ec59f87fa43468",
"https://android.googlesource.com/kernel/common/+/bb5bc03a5056b4b22f00b7333c42c861b83ef19f",
"https://android.googlesource.com/kernel/common/+/dcd0c8c3e87cf08344e169fdb94eb7ec96c3c32a",
"https://android.googlesource.com/kernel/common/+/823f05d71506017aa4d47ae8b9546081686098fe"
],
"spl": "2021-12-05",
"severity": "Moderate",
"types": [
"ID"
]
}