PUB-A-175769013

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-175769013.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-175769013
Aliases
Published
2021-05-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In several functions of rawmidi.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name
:linux_kernel:

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2021-05-05

Affected versions

Other

Kernel

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 678.0,
                "function_hash": "314871920689903580869819018517424350454"
            },
            "id": "PUB-A-175769013-7229b2ed",
            "source": "https://android.googlesource.com/kernel/common/+/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/rawmidi.c",
                "function": "resize_runtime_buffer"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 830.0,
                "function_hash": "172204106254037274714494600219135858534"
            },
            "id": "PUB-A-175769013-a655205f",
            "source": "https://android.googlesource.com/kernel/common/+/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/rawmidi.c",
                "function": "snd_rawmidi_kernel_read1"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1210.0,
                "function_hash": "212778632147576676268940491426471908888"
            },
            "id": "PUB-A-175769013-aff91dab",
            "source": "https://android.googlesource.com/kernel/common/+/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/rawmidi.c",
                "function": "snd_rawmidi_kernel_write1"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "315773913514563824388986166168303630565",
                    "805738257609917269725134517545475231",
                    "152587891080038059402694597486076981983",
                    "261189496282831407514816756185800473580",
                    "80834435312410319005841147645417812532",
                    "150531562849332415003997889040974539587",
                    "65264724008199572523185518848111455744",
                    "260855241664289960876791237509856809672",
                    "74049198112241083284172833986336576805",
                    "198441149845157082620962292209316226768",
                    "145248895820709366235235406511884879039",
                    "194037440701272896667329497017667983941",
                    "259420861385600412375951975861458169814",
                    "179195206896033778004100542662561892852",
                    "1197120713209132659884530840304558425",
                    "247084909837015096129377514807297619348",
                    "314609227490143146103819817708462570935",
                    "111467065830700544733632457741322844703",
                    "57754988930533824132027787440915861087",
                    "307496905596691574412401525559731632653",
                    "264652118581856256018940427029338649580",
                    "172710481347826385148108541346571352163",
                    "271509810907710073559039362427956241902",
                    "296844783317536767261918858523542420169",
                    "60254032954572248847951264180909281797",
                    "337610443888470385135869178171284872708",
                    "279661919500082047761524388100532050744",
                    "69100975102836498005750213581285513939",
                    "10850927927159001289281927153271552233",
                    "70345102174576309221045081433644259553",
                    "243413218303680446552970363224562061291",
                    "93060178372008884352389864189080624526",
                    "235401913781417117976851487377730718728"
                ]
            },
            "id": "PUB-A-175769013-e279ff9d",
            "source": "https://android.googlesource.com/kernel/common/+/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/rawmidi.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "153707748463412319429742889496777750611",
                    "19524840901856174075336129952041999434",
                    "7401472206346572703808558844878642420",
                    "154979724006984475915578727972960941303"
                ]
            },
            "id": "PUB-A-175769013-f7e730f8",
            "source": "https://android.googlesource.com/kernel/common/+/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/sound/rawmidi.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
    ],
    "spl": "2021-05-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}