PUB-A-194694600

See a problem?

Import Source

https://storage.googleapis.com/android-osv/PUB-A-194694600.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-194694600

Aliases

A-194694600
CVE-2021-33034

Published

2022-06-01T00:00:00Z

Modified

2025-11-06T16:39:24.500007Z

Summary

[none]

Details

In hcisendacl and related functions of hci_core.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name: :linux_kernel:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2022-06-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "spl": "2022-06-05",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/5c4c8c9544099bb9043a10a5318130a943e32fc3"
    ],
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/kernel/common/+/5c4c8c9544099bb9043a10a5318130a943e32fc3",
            "signature_type": "Line",
            "deprecated": false,
            "id": "PUB-A-194694600-0e8c5222",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8079421475408174812840935138761870503",
                    "149028967828046616283649414939910617405",
                    "87517466533781006430034154401042079236",
                    "220217085820012978358288060334272580818",
                    "140485719149744892342272638687073716447",
                    "148249321736742285270402487365204002171",
                    "165703254341232650984361253764897162618",
                    "243938702843992248359438974254134963632"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "net/bluetooth/hci_event.c"
            }
        },
        {
            "source": "https://android.googlesource.com/kernel/common/+/5c4c8c9544099bb9043a10a5318130a943e32fc3",
            "signature_type": "Line",
            "deprecated": false,
            "id": "PUB-A-194694600-110a969c",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "75869243969825306294812844639812975829",
                    "57881833720794058667873042742744207397",
                    "171683051639382316481215321654958478197",
                    "326342439426828093251435173500487834938"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "include/net/bluetooth/hci_core.h"
            }
        },
        {
            "source": "https://android.googlesource.com/kernel/common/+/5c4c8c9544099bb9043a10a5318130a943e32fc3",
            "signature_type": "Function",
            "deprecated": false,
            "id": "PUB-A-194694600-67773e4d",
            "digest": {
                "function_hash": "107372139021562613702413033798881309412",
                "length": 429.0
            },
            "signature_version": "v1",
            "target": {
                "function": "hci_disconn_loglink_complete_evt",
                "file": "net/bluetooth/hci_event.c"
            }
        },
        {
            "source": "https://android.googlesource.com/kernel/common/+/5c4c8c9544099bb9043a10a5318130a943e32fc3",
            "signature_type": "Function",
            "deprecated": false,
            "id": "PUB-A-194694600-9e7911e6",
            "digest": {
                "function_hash": "292339631366349863096215495176622168356",
                "length": 735.0
            },
            "signature_version": "v1",
            "target": {
                "function": "hci_loglink_complete_evt",
                "file": "net/bluetooth/hci_event.c"
            }
        }
    ],
    "severity": "Moderate"
}