CVE-2021-0920

Published on: 12/15/2021 12:00:00 AM UTC

Last Modified on: 07/12/2022 05:42:00 PM UTC

CVE-2021-0920

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel

  • CVE-2021-0920 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.4 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
LOCAL HIGH HIGH NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.9 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
LOCAL MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Android Security Bulletin—November 2021  |  Android Open Source Project source.android.com
text/html
 URL Logo MISC source.android.com/security/bulletin/2021-11-01
[SECURITY] [DLA 2843-1] linux security update lists.debian.org
text/html
 URL Logo MLIST [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 159610 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9010)
  • 159611 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9011)
  • 159612 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9012)
  • 159613 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9013)
  • 159614 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9014)
  • 159664 Oracle Enterprise Linux Security Update for kernel security and bug fix update (ELSA-2022-0620)
  • 159700 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0825)
  • 159777 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9348)
  • 160089 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-9781)
  • 178943 Debian Security Update for linux (DLA 2843-1)
  • 180188 Debian Security Update for linux (CVE-2021-0920)
  • 240093 Red Hat Update for kpatch-patch (RHSA-2022:0592)
  • 240094 Red Hat Update for kpatch-patch (RHSA-2022:0590)
  • 240096 Red Hat Update for kernel-rt (RHSA-2022:0622)
  • 240100 Red Hat Update for kernel (RHSA-2022:0636)
  • 240101 Red Hat Update for kernel-rt (RHSA-2022:0629)
  • 240115 Red Hat Update for kernel (RHSA-2022:0620)
  • 240120 Red Hat Update for kpatch-patch (RHSA-2022:0772)
  • 240121 Red Hat Update for kernel-rt (RHSA-2022:0771)
  • 240122 Red Hat Update for kernel security (RHSA-2022:0777)
  • 240128 Red Hat Update for kernel security (RHSA-2022:0825)
  • 240130 Red Hat Update for kernel-rt (RHSA-2022:0819)
  • 240144 Red Hat Update for kpatch-patch (RHSA-2022:0849)
  • 240418 Red Hat Update for kpatch-patch (RHSA-2022:0851)
  • 240440 Red Hat Update for kernel (RHSA-2022:1324)
  • 240441 Red Hat Update for kpatch-patch (RHSA-2022:1103)
  • 257155 CentOS Security Update for kernel (CESA-2022:0620)
  • 390254 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0005)
  • 390261 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0014)
  • 610380 Google Android Devices November 2021 Security Patch Missing
  • 610385 Google Android December 2021 Security Patch Missing for Samsung
  • 610387 Google Android December 2021 Security Patch Missing for LGE
  • 610388 Google Android December 2021 Security Patch Missing for Huawei EMUI
  • 671295 EulerOS Security Update for kernel (EulerOS-SA-2022-1243)
  • 671367 EulerOS Security Update for kernel (EulerOS-SA-2022-1308)
  • 671380 EulerOS Security Update for kernel (EulerOS-SA-2022-1292)
  • 671401 EulerOS Security Update for kernel (EulerOS-SA-2022-1328)
  • 671436 EulerOS Security Update for kernel (EulerOS-SA-2022-1352)
  • 671543 EulerOS Security Update for kernel (EulerOS-SA-2022-1475)
  • 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
  • 751600 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0068-1)
  • 751602 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0080-1)
  • 751695 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0367-1)
  • 751697 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)
  • 751701 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)
  • 751702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0371-1)
  • 751771 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (SUSE-SU-2022:0667-1)
  • 751776 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 42 for SLE 12 SP3) (SUSE-SU-2022:0668-1)
  • 751837 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0762-1)
  • 751952 OpenSUSE Security Update for Linux Kernel (openSUSE-SU-2022:1039-1)
  • 751956 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:1037-1)
  • 752016 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1039-1)
  • 752042 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1197-1)
  • 753110 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (SUSE-SU-2022:0619-1)
  • 753188 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (SUSE-SU-2022:0660-1)
  • 753203 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) (SUSE-SU-2022:0647-1)
  • 753249 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 25 for SLE 15 SP2) (SUSE-SU-2022:0996-1)
  • 753289 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) (SUSE-SU-2022:1034-1)
  • 753338 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:0615-1)
  • 753348 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1038-1)
  • 753373 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1257-1)
  • 753422 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1037-1)
  • 940463 AlmaLinux Security Update for kernel (ALSA-2022:0825)
  • 960782 Rocky Linux Security Update for kernel-rt (RLSA-2022:0819)
  • 960805 Rocky Linux Security Update for kernel (RLSA-2022:0825)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		DebianDebian Linux9.0AllAllAll
Operating
System		GoogleAndroidAllAllAllAll
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:google:android:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @management_sun IT Risk: Android OSに複数の脆弱性 -3/4 CVE-2021-0924 CVE-2021-0923 CVE-2021-0922 CVE-2021-0921 CVE-2021-0920 CVE-2021-0919… twitter.com/i/web/status/1… 2021-11-02 02:59:12
Reddit Logo Icon /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution - PATCH: NOW 2021-11-02 15:25:39
Reddit Logo Icon /r/netsec A deep dive into an in-the-wild Android exploit: the quantum state of Linux kernel garbage collection - CVE-2021-0920 (Part 1) 2022-08-11 00:07:52
Reddit Logo Icon /r/linkersec The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) 2022-08-11 15:30:26
Reddit Logo Icon /r/blueteamsec Project Zero: The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) - A deep dive into an in-the-wild Android exploit 2022-08-11 19:00:42
Reddit Logo Icon /r/programming The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) 2022-08-12 10:30:09
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report