CVE-2021-0941
Published on: 10/25/2021 12:00:00 AM UTC
Last Modified on: 10/26/2021 02:29:00 PM UTC
Certain versions of Android from Google contain the following vulnerability:
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-154177719
References: Upstream kernel
- CVE-2021-0941 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.7 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | HIGH | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.2 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
LOCAL | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
Pixel Update Bulletin—October 2021 \| Android Open Source Project | source.android.com text/html | MISC source.android.com/security/bulletin/pixel/2021-10-01 |
Related QID Numbers
- 159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
- 180232 Debian Security Update for linux (CVE-2021-0941)
- 240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
- 240298 Red Hat Update for kernel security (RHSA-2022:1988)
- 610372 Google Pixel Android October 2021 Security Patch Missing
- 610381 Google Android November 2021 Security Patch Missing for Huawei EMUI
- 671367 EulerOS Security Update for kernel (EulerOS-SA-2022-1308)
- 671380 EulerOS Security Update for kernel (EulerOS-SA-2022-1292)
- 671436 EulerOS Security Update for kernel (EulerOS-SA-2022-1352)
- 671498 EulerOS Security Update for kernel (EulerOS-SA-2022-1466)
- 671543 EulerOS Security Update for kernel (EulerOS-SA-2022-1475)
- 751399 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1501-1)
- 751406 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3806-1)
- 751424 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3848-1)
- 751436 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3877-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751462 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3941-1)
- 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
- 940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Google | Android | - | All | All | All |
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2021-0941 : In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free.… twitter.com/i/web/status/1… | 2021-10-25 14:11:30 |