PUB-A-168881044

See a problem?

Import Source

https://storage.googleapis.com/android-osv-test/PUB-A-168881044.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-168881044

Aliases

A-168881044
CVE-2020-25285

Published

2021-10-01T00:00:00Z

Modified

2024-09-19T16:27:42.750848Z

Summary

Android Vomit Report

Details

In hugetlbsysctlhandler_common and related functions of hugetlb.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name: :linux_kernel:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2021-10-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "78427202925527779349980016267686973995",
                    "338377802588085533664388610784190761551",
                    "256267166488348839840768874250796996296",
                    "4970458604033063215999046892688571996",
                    "308375545043524342862824577489080759380",
                    "316161863518024943443887858991207575451",
                    "328824381190401889148034092091657180502",
                    "123731079449201011466761021242276376826",
                    "90693052548908672831086892649478154469",
                    "124377126167245379507221920113642622334",
                    "312595602721307417037474824336717395303",
                    "34370117864617520962682324390996520906",
                    "237607865337097299852604719082629131461",
                    "123731079449201011466761021242276376826",
                    "90693052548908672831086892649478154469",
                    "121859444371198340807101242839924512618"
                ]
            },
            "id": "PUB-A-168881044-25b7b243",
            "source": "https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/hugetlb.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 500.0,
                "function_hash": "302141843589403206817579250493394775559"
            },
            "id": "PUB-A-168881044-581ada1c",
            "source": "https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/hugetlb.c",
                "function": "hugetlb_sysctl_handler_common"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 586.0,
                "function_hash": "154081086041580517127473271631497752087"
            },
            "id": "PUB-A-168881044-73179552",
            "source": "https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/hugetlb.c",
                "function": "hugetlb_overcommit_handler"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467"
    ],
    "spl": "2021-10-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}