ASB-A-396331793
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-396331793.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-396331793
- Aliases
-
- A-396331793
- CVE-2025-21756
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2025-12-11T16:45:10.864293Z
- Summary
- [none]
- Details
-
In multiple functions of af_vsock.c, there is a possible way to cause a use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2025-09-01
- https://android.googlesource.com/kernel/common/+/9241eb16e35eb5fb700caf060ff0efb0e0a0fcd7
- https://android.googlesource.com/kernel/common/+/50854473806ad532c32bdf23327823b860670849
- https://android.googlesource.com/kernel/common/+/537268adf4cdb2b5ec905c01ffa919a71556ffa8
- https://android.googlesource.com/kernel/common/+/e2647b0fb4204838e32275f85859b029dc9f36b4
- https://android.googlesource.com/kernel/common/+/7f11cc02d9eeec5c0eca76ddfa5f5f1c3c6688f2
- https://android.googlesource.com/kernel/common/+/cd0ebcd1757913ed6232b90203f586cd4b59de42
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/9241eb16e35eb5fb700caf060ff0efb0e0a0fcd7",
"https://android.googlesource.com/kernel/common/+/50854473806ad532c32bdf23327823b860670849",
"https://android.googlesource.com/kernel/common/+/537268adf4cdb2b5ec905c01ffa919a71556ffa8",
"https://android.googlesource.com/kernel/common/+/e2647b0fb4204838e32275f85859b029dc9f36b4",
"https://android.googlesource.com/kernel/common/+/7f11cc02d9eeec5c0eca76ddfa5f5f1c3c6688f2",
"https://android.googlesource.com/kernel/common/+/cd0ebcd1757913ed6232b90203f586cd4b59de42"
],
"severity": "Moderate",
"types": [
"EoP"
],
"spl": "2025-09-05",
"vanir_signatures": [
{
"id": "ASB-A-396331793-00fb50b2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"216031250881535994547217481730219102762",
"90555138792096488986296963783855082302",
"98018131091013516664770668311754345692",
"242604298144200656347328455021384900968",
"323442038042609965760726624131774774046",
"315724195452782696640481136568126420521",
"218859128747834444097518954983112248067",
"41974691450165411508088936030051107514",
"303135410341512832922987949011171567332",
"293447143716288087782998231756667726069",
"217372882858124409694692800924143448439",
"27001985859552970730294629122776046919"
]
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/7f11cc02d9eeec5c0eca76ddfa5f5f1c3c6688f2",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c"
}
},
{
"id": "ASB-A-396331793-0e1f11d5",
"digest": {
"length": 534.0,
"function_hash": "1199143035182268879967339865194876810"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/7f11cc02d9eeec5c0eca76ddfa5f5f1c3c6688f2",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "__vsock_release"
}
},
{
"id": "ASB-A-396331793-512a2b3d",
"digest": {
"length": 78.0,
"function_hash": "56771322495587552517050006786434802306"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/50854473806ad532c32bdf23327823b860670849",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "vsock_remove_sock"
}
},
{
"id": "ASB-A-396331793-5a2155a4",
"digest": {
"length": 133.0,
"function_hash": "201901315493088586616214111401042328286"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/e2647b0fb4204838e32275f85859b029dc9f36b4",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "vsock_release"
}
},
{
"id": "ASB-A-396331793-70e7774b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"315846547144954437932558349803332645610",
"320060109348457990275876292068332149390",
"171113167129683175015413479739546363520",
"108308316375388446611909049605242978300",
"30522377330953224613483610200870480856",
"66635436580498319333909487219277994603",
"64008924649880362344851756048398435524",
"59795737601929499687007124819557276142",
"13844978785472152353820985718841496564",
"252440609494799904757554821555758005678",
"193578080547856560891172580259353551177",
"324817725186817950504563294076275753603",
"33149915624675340629758735699835723746",
"120597655316457347810288777397500665205",
"323442038042609965760726624131774774046",
"315724195452782696640481136568126420521",
"218859128747834444097518954983112248067",
"41974691450165411508088936030051107514",
"303135410341512832922987949011171567332",
"293447143716288087782998231756667726069",
"217372882858124409694692800924143448439",
"27001985859552970730294629122776046919",
"287720964837175276525043702928629401063",
"126764233531615465406813719486226524501",
"166886801417624102228996027314905634212",
"297418314889194643726517960987498017055",
"239702888451537020203833020087517190673",
"200086054474506847711024653193546314951",
"150079744505588801598444404005677194670",
"115453014194897095380714724382710475986",
"18384042746427778123554852254479757460",
"170486617078406887609615400554866883248",
"180425140671024262136987412792944849196",
"287898489819190686376446792580308510901",
"76625943974890976020616112015562727052",
"296793748086722370570244480090468778884",
"198941962025081482476280306437983375873"
]
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/9241eb16e35eb5fb700caf060ff0efb0e0a0fcd7",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c"
}
},
{
"id": "ASB-A-396331793-88a64c05",
"digest": {
"length": 534.0,
"function_hash": "126848679477018314214406474872698622072"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/cd0ebcd1757913ed6232b90203f586cd4b59de42",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "__vsock_release"
}
},
{
"id": "ASB-A-396331793-a05c8d50",
"digest": {
"length": 534.0,
"function_hash": "1199143035182268879967339865194876810"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/50854473806ad532c32bdf23327823b860670849",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "__vsock_release"
}
},
{
"id": "ASB-A-396331793-b1678abd",
"digest": {
"threshold": 0.9,
"line_hashes": [
"102499741651576453360814942821556486985",
"320060109348457990275876292068332149390",
"171113167129683175015413479739546363520",
"108308316375388446611909049605242978300",
"30522377330953224613483610200870480856",
"66635436580498319333909487219277994603",
"64008924649880362344851756048398435524",
"59795737601929499687007124819557276142",
"13844978785472152353820985718841496564",
"252440609494799904757554821555758005678",
"193578080547856560891172580259353551177",
"324817725186817950504563294076275753603",
"33149915624675340629758735699835723746",
"120597655316457347810288777397500665205",
"323442038042609965760726624131774774046",
"315724195452782696640481136568126420521",
"218859128747834444097518954983112248067",
"41974691450165411508088936030051107514",
"303135410341512832922987949011171567332",
"293447143716288087782998231756667726069",
"217372882858124409694692800924143448439",
"27001985859552970730294629122776046919",
"287720964837175276525043702928629401063",
"126764233531615465406813719486226524501",
"166886801417624102228996027314905634212",
"297418314889194643726517960987498017055",
"239702888451537020203833020087517190673",
"200086054474506847711024653193546314951",
"150079744505588801598444404005677194670",
"115453014194897095380714724382710475986",
"18384042746427778123554852254479757460",
"307589405962469792007071366795593608290",
"44162471054656546597034867723791245178",
"217697617222064585803148815690387737198",
"76625943974890976020616112015562727052",
"296793748086722370570244480090468778884",
"198941962025081482476280306437983375873"
]
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/e2647b0fb4204838e32275f85859b029dc9f36b4",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c"
}
},
{
"id": "ASB-A-396331793-b3395248",
"digest": {
"length": 551.0,
"function_hash": "112974489303941346190185582742426375129"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/9241eb16e35eb5fb700caf060ff0efb0e0a0fcd7",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "__vsock_release"
}
},
{
"id": "ASB-A-396331793-c3984523",
"digest": {
"length": 133.0,
"function_hash": "201901315493088586616214111401042328286"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/9241eb16e35eb5fb700caf060ff0efb0e0a0fcd7",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "vsock_release"
}
},
{
"id": "ASB-A-396331793-c6aa4fec",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60039586786278024433281876996342139717",
"118989826412430198957746093014059497328",
"216025663100643257532460380560852792546",
"308943728128160566691829774389250289941",
"41974691450165411508088936030051107514",
"130686715660741360316831533967041962482",
"237461933337707594619662446597172187049",
"307165715887453148253448425334092949562"
]
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/cd0ebcd1757913ed6232b90203f586cd4b59de42",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c"
}
},
{
"id": "ASB-A-396331793-d37c9581",
"digest": {
"length": 534.0,
"function_hash": "126848679477018314214406474872698622072"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/537268adf4cdb2b5ec905c01ffa919a71556ffa8",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "__vsock_release"
}
},
{
"id": "ASB-A-396331793-d7467a74",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60039586786278024433281876996342139717",
"118989826412430198957746093014059497328",
"216025663100643257532460380560852792546",
"308943728128160566691829774389250289941",
"41974691450165411508088936030051107514",
"130686715660741360316831533967041962482",
"237461933337707594619662446597172187049",
"307165715887453148253448425334092949562"
]
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/537268adf4cdb2b5ec905c01ffa919a71556ffa8",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c"
}
},
{
"id": "ASB-A-396331793-dbe124d3",
"digest": {
"length": 78.0,
"function_hash": "56771322495587552517050006786434802306"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/7f11cc02d9eeec5c0eca76ddfa5f5f1c3c6688f2",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "vsock_remove_sock"
}
},
{
"id": "ASB-A-396331793-f52c5b15",
"digest": {
"threshold": 0.9,
"line_hashes": [
"216031250881535994547217481730219102762",
"90555138792096488986296963783855082302",
"98018131091013516664770668311754345692",
"242604298144200656347328455021384900968",
"323442038042609965760726624131774774046",
"315724195452782696640481136568126420521",
"218859128747834444097518954983112248067",
"41974691450165411508088936030051107514",
"303135410341512832922987949011171567332",
"293447143716288087782998231756667726069",
"217372882858124409694692800924143448439",
"27001985859552970730294629122776046919"
]
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/50854473806ad532c32bdf23327823b860670849",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c"
}
},
{
"id": "ASB-A-396331793-fe956c39",
"digest": {
"length": 551.0,
"function_hash": "112974489303941346190185582742426375129"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/e2647b0fb4204838e32275f85859b029dc9f36b4",
"signature_version": "v1",
"target": {
"file": "net/vmw_vsock/af_vsock.c",
"function": "__vsock_release"
}
}
]
}