ASB-A-208277166
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-208277166.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-208277166
- Aliases
-
- A-208277166
- CVE-2021-39800
- Published
- 2022-04-01T00:00:00Z
- Modified
- 2026-05-01T15:24:27.653932Z
- Summary
- [none]
- Details
-
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/504e1d6ee65d5",
"https://android.googlesource.com/kernel/common/+/a8200613c8c9f",
"https://android.googlesource.com/kernel/common/+/c47385c73fced"
],
"severity": "High",
"spl": "2022-04-05",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-003f29a7",
"digest": {
"line_hashes": [
"151033958707289077932689979513354046405",
"216635458604075882410516048667531317036",
"302664414490971408997864319493595674834",
"221739946267379680246427709751205225781",
"225733980763646134140239715297400349801",
"205573501524462817502913143586070984544",
"222786911308159080010190805770024787004",
"208672130430734485746797742826257922828",
"11610389113332808972779191315566787485",
"5735080047482657032000385699806553598",
"310462665825707919787718418861642143950",
"103008139145088230189557335111397720498",
"80106757133994343482217215752005749377",
"251421797600579815286384243614451403060",
"54690302684252438497159593156613049562"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/c47385c73fced",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion-ioctl.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-00476d3e",
"digest": {
"length": 165.0,
"function_hash": "257640874776738313320362658483379389384"
},
"source": "https://android.googlesource.com/kernel/common/+/a8200613c8c9f",
"signature_type": "Function",
"target": {
"file": "drivers/staging/android/ion/ion.c",
"function": "ion_handle_validate"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-3941d19a",
"digest": {
"length": 997.0,
"function_hash": "194396682045491494479867707450503354625"
},
"source": "https://android.googlesource.com/kernel/common/+/504e1d6ee65d5",
"signature_type": "Function",
"target": {
"file": "drivers/staging/android/ion/ion.c",
"function": "ion_alloc"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-5d8783ef",
"digest": {
"line_hashes": [
"115316621478917446111076648487400790093",
"213608249474176736864228350980329419459",
"161788460852369129312235424821745585785",
"135617328054686189623692053771021851855",
"165406810494529109394699560786033572828"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/a8200613c8c9f",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-6dcf5156",
"digest": {
"line_hashes": [
"169032866111039584027050290384993199818",
"45260048469060672154123496409544231969",
"109798341365019266796925823364778754703",
"23492863868278338197414794809765120393",
"135575277495845586430922187484187761214",
"14159644319171079361058387496568664809",
"49565967641699121164462378510102989089",
"205007637486206190812880135691145173827",
"286456444278515149960324215844959712534",
"335328932922453855797786703943064981072",
"117846597220734447697643058427326609179",
"298768025420993361783823801269014974710",
"139022679760657808204069842830364986076",
"103008139145088230189557335111397720498",
"97784340856823063467455758773913511647",
"54601529414435026616427798900040392104",
"295049293083888451023542091012574865351",
"154518143699404748536457234681962189006",
"47616660811352131265273323140432238849",
"312712170788142948634017861087406518434",
"162312064554073253917769600024249479953",
"49876865655404111109909385162452499600"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/a8200613c8c9f",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion-ioctl.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-87a7046c",
"digest": {
"line_hashes": [
"72030289616729065893074888938306378018",
"203828467542625958953853030784127242982",
"221106329187612027717753517310982106318"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/504e1d6ee65d5",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-b90567aa",
"digest": {
"length": 2254.0,
"function_hash": "199726031936338387520154907803516144643"
},
"source": "https://android.googlesource.com/kernel/common/+/a8200613c8c9f",
"signature_type": "Function",
"target": {
"file": "drivers/staging/android/ion/ion-ioctl.c",
"function": "ion_ioctl"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-db0ef49e",
"digest": {
"line_hashes": [
"252964648987737316041003505877199307967",
"286306285580761724214672628370304881257",
"272996489787136708497938920513206387268",
"124501695248120607727793710911504574049",
"273315269955682704448441174283122383550",
"124986485248968300642481103801406421945",
"301357216895032312203679321575057657646"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/a8200613c8c9f",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion_priv.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-ef5cf0ba",
"digest": {
"length": 2418.0,
"function_hash": "193762571505050839149557422263497255083"
},
"source": "https://android.googlesource.com/kernel/common/+/c47385c73fced",
"signature_type": "Function",
"target": {
"file": "drivers/staging/android/ion/ion-ioctl.c",
"function": "ion_ioctl"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-f654ae31",
"digest": {
"length": 2194.0,
"function_hash": "167391083008459275423407210704065747708"
},
"source": "https://android.googlesource.com/kernel/common/+/504e1d6ee65d5",
"signature_type": "Function",
"target": {
"file": "drivers/staging/android/ion/ion-ioctl.c",
"function": "ion_ioctl"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-f76d470b",
"digest": {
"line_hashes": [
"234169670576267102804229620753238111498",
"325437771204467165614668530822809638663",
"244605751180689327088290003111144478609",
"148326263044794487929845218259641970817",
"123880761713220177931956264222623010877",
"237930637910431024811205228433767112225",
"41428011087008769976365949201988140769",
"198311571423132510927805749041089391906",
"244207441712928132596878135121434199488",
"215253039158303253160431955927876565085",
"182196715250716146213728330906729209937",
"248250597680557493742077190509874551952",
"278253701601950672219683139226723151853",
"201541717412904143452260414197344225132"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/504e1d6ee65d5",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion-ioctl.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-208277166-fee44e35",
"digest": {
"line_hashes": [
"257737927408165704806799185401347417491",
"244198503613174304217601679170999417096",
"289109822885074938276036798598302941116",
"302902507409333248070956712292208314863",
"317191527901081197482347274890779005232",
"320877193886064486212943847598354552050",
"93929187523131189838550234545780551614",
"165027308652524208329242819120042559829",
"322321429631813108620020529978070545106",
"209613764484524100735470668749321669392",
"157952586831566872996180551778066034841",
"32610049557441676041268696173107650180",
"200751683175214098855700849041843731504",
"195568203124863052195549374361046822207"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/504e1d6ee65d5",
"signature_type": "Line",
"target": {
"file": "drivers/staging/android/ion/ion.c"
}
}
],
"types": [
"ID"
]
}