ASB-A-194461020

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-194461020.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-194461020
Aliases
  • A-194461020
  • CVE-2021-0924
Published
2021-11-01T00:00:00Z
Modified
2024-08-07T19:29:41.086046Z
Summary
KASAN: slab-out-of-bounds in xhci_vendor_get_ops when launching android12-5.10 in Cuttlefish
Details

In xhcivendorget_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2021-11-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296006135374153502650136789747179702256",
                    "217159512600921346983341948625994838417",
                    "160429453232037323526628748569608099908",
                    "193600732335296680043124891759648905246"
                ]
            },
            "id": "ASB-A-194461020-3200f983",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci-plat.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "65428680134164326322057546870296949292",
                    "303072306054238883595727577573025816055",
                    "42220646100694777520453847116425822962",
                    "216533713427359301844167992195965822814",
                    "25528724874335813220711041707630977473",
                    "311336264386479869260568484405144833710",
                    "81063368215418693213834082312190684106",
                    "310546719597199516598815494422007457600",
                    "310559344884385429607470262976318504137",
                    "68419760345811645183698697123721005670",
                    "53073571646637977252105000344701892913",
                    "318754442047635110851922473336600156465",
                    "212087509126505534103086525065600928125",
                    "236368536978864450422384657808192069627"
                ]
            },
            "id": "ASB-A-194461020-5a444965",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci-plat.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "210885545745472116702241275745999693296",
                    "283252374392363481500010020423446567932",
                    "331460533588962771893617228252886273781",
                    "233532721724632329357361701797015958329",
                    "192091473560401473509916039596264421613",
                    "161288891347695359775749957266605571333",
                    "306893186768999960432735404132730239828",
                    "243756039758233042387197629917671581081"
                ]
            },
            "id": "ASB-A-194461020-7cd0fc52",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 80.0,
                "function_hash": "182743551188546463145931240395122396814"
            },
            "id": "ASB-A-194461020-b8505d5f",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci.c",
                "function": "xhci_vendor_get_ops"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "187221316143190153406769378538013512897",
                    "20531172323687606511459870440641556444",
                    "1803244950909914522965904337999221500"
                ]
            },
            "id": "ASB-A-194461020-bd7699bc",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 210.0,
                "function_hash": "147159070459491619183761293798301087003"
            },
            "id": "ASB-A-194461020-d221f6b4",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci-plat.c",
                "function": "xhci_vendor_cleanup"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 310.0,
                "function_hash": "241179395579510555574072957083271476109"
            },
            "id": "ASB-A-194461020-dc933947",
            "source": "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/xhci-plat.c",
                "function": "xhci_vendor_init"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497"
    ],
    "spl": "2021-11-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}