ASB-A-175451844

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-175451844.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-175451844
Aliases
Published
2021-10-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In several functions of tty_io.c and related files, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2021-10-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "180228680283374369989413483916025289913",
                    "308095095407607036140062560232566252757",
                    "124701444752169089570609347670136209690",
                    "250993402050866239795564199876443996523",
                    "98994193204391955053393349409132430588",
                    "8443003566027127269106625924906014867",
                    "273877747184941300959998598527992062084",
                    "129620973704786672057741442708663792363",
                    "168889036708998593075019533223311381796",
                    "15042649993839020582269144173174097084",
                    "80079680006326966291492259105597076901"
                ]
            },
            "id": "ASB-A-175451844-03124b6d",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_io.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1295.0,
                "function_hash": "46403272369286472446383904293111349540"
            },
            "id": "ASB-A-175451844-0c344bf8",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_jobctrl.c",
                "function": "disassociate_ctty"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 628.0,
                "function_hash": "33292448399326925234316101472245772704"
            },
            "id": "ASB-A-175451844-0c9e6c24",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_jobctrl.c",
                "function": "__proc_set_tty"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172647275850244123068926011950751363919",
                    "256013172192984139596932178943032631347",
                    "105937977990904179039567374719643005194",
                    "181456681277628433445730867829711976893",
                    "215960641960715695878074827306571297364",
                    "88568373431601013831164685396964796079",
                    "224421072961504934542008399770113916813",
                    "281768756558694835633614791555677621039",
                    "42720794122607861497283950267809472515",
                    "120394842235307112663645829479025812416",
                    "47270671121601337324257131727742065646",
                    "325608570018195816140129203439501034617",
                    "45883112463596946632297263689445712785",
                    "114810691279895185819851876826568612767",
                    "112257623719119217987521011253491414482",
                    "300648615351241321883704097818922568729",
                    "94691952771512473906549803669087169234",
                    "199769680556394980418754563158913758518",
                    "335763448128501009314061075499685348692",
                    "102425998200056111098618301803540172584",
                    "296459709960035483359750305190811215941",
                    "91847565752232093508738322644005111305",
                    "140243395643430909671349865952183783961",
                    "279229834851771365040298731087519495379",
                    "184885002117734542012469610129714802845",
                    "30230991828470014703941396959726214311",
                    "259302701780771174669192810821421211123",
                    "79655522187762922118322191270818657298",
                    "121696461656370062132013529725484192130",
                    "298178070601149766663705120145262128563",
                    "233404181447883959285784600711479470561",
                    "250253426506645472466638278808530325518",
                    "178684367323773797223172307460827936114",
                    "107960420887835893931775884290089031897",
                    "322991136220046015984089790324125781887",
                    "303174030707301652555076115195485908890",
                    "87392038734971738532553322798949667760",
                    "170396420592324612029374006974202916582",
                    "340057293138642444658392102369641455601",
                    "57569170850854654386666384984575603305",
                    "94170689697896871542269597350692703374",
                    "251159339448140494997133946955144825062",
                    "78177858559818117342202973719307617608",
                    "233598370501082444955162355122638476329",
                    "148272808823891799036091646904029511201",
                    "59934727570702112309813050204909442816",
                    "265853501255866054394270602871306233241",
                    "303510411391993781086937077848811706665",
                    "219713477441612074933219153882823446885"
                ]
            },
            "id": "ASB-A-175451844-624840c4",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_jobctrl.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1184.0,
                "function_hash": "110152949807816591880024261468598283165"
            },
            "id": "ASB-A-175451844-6642841d",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_io.c",
                "function": "__do_SAK"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 258.0,
                "function_hash": "74317975915546414177100903485982673494"
            },
            "id": "ASB-A-175451844-89e40695",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_jobctrl.c",
                "function": "tiocgsid"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 778.0,
                "function_hash": "10819461503779731792939548977694799307"
            },
            "id": "ASB-A-175451844-ba7aa7a2",
            "source": "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/tty_jobctrl.c",
                "function": "tiocspgrp"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
    ],
    "spl": "2021-10-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}