PUB-A-154177719

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/PUB-A-154177719.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-154177719
Aliases
Published
2021-10-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In bpfskbchange_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2021-10-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 143.0,
                "function_hash": "137750596739827142383440686567359026006"
            },
            "id": "PUB-A-154177719-2659fae5",
            "source": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/core/filter.c",
                "function": "__bpf_skb_max_len"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 539.0,
                "function_hash": "80986673427504888426221350849878848789"
            },
            "id": "PUB-A-154177719-41b834ea",
            "source": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/core/filter.c",
                "function": "__bpf_skb_change_tail"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "259945764881074619719629723458681249767",
                    "211702882046350222074973401003562500487",
                    "151907955510445705390785540960532420052",
                    "68176734093958623301963053393629470950",
                    "225562373724743555382354025186081879072",
                    "190028318914772261028234194399779291138",
                    "93796378132038944792557713097547750487",
                    "336181921167223465394791960094320316759",
                    "311820212607240749522446917574931627995",
                    "146807328354191437961850864036584372226",
                    "237655477908554768622172785463694605008",
                    "27574865760179538416505590557967602693",
                    "69736329567188186914680998775123579129",
                    "2733381238734308438062737694884319427",
                    "30411977170196555566438412885086409555",
                    "104428656257482569784448451277521778580",
                    "75343475432331829089969446875794635965",
                    "160501476631950876016368629880894036894",
                    "17352010099512609550099766235438737832",
                    "93165544051822768836533468225061610095"
                ]
            },
            "id": "PUB-A-154177719-4e51491f",
            "source": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/core/filter.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1091.0,
                "function_hash": "67194930366748494138991667952683909923"
            },
            "id": "PUB-A-154177719-6204ae5f",
            "source": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/core/filter.c",
                "function": "BPF_CALL_4"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 434.0,
                "function_hash": "133660366625343567883229768301105442654"
            },
            "id": "PUB-A-154177719-72072798",
            "source": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/core/filter.c",
                "function": "__bpf_skb_change_head"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"
    ],
    "spl": "2021-10-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}