CVE-2021-39685
Summary
| CVE | CVE-2021-39685 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-16 15:15:00 UTC |
| Updated | 2022-03-23 16:20:00 UTC |
| Description | In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Android Security Bulletin—March 2022 | Android Open Source Project | MISC | source.android.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159727 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9245)
- 159729 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9244)
- 179012 Debian Security Update for linux (DSA 5050-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179118 Debian Security Update for linux (DLA 2940-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 183798 Debian Security Update for linux (CVE-2021-39685)
- 198659 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5278-1)
- 198667 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-1)
- 198674 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-2)
- 198676 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5297-1)
- 198678 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)
- 198708 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5337-1)
- 198731 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5368-1)
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
- 610401 Google Android Devices March 2022 Security Patch Missing
- 610408 Google Android April 2022 Security Patch Missing for Huawei EMUI
- 610409 Google Android April 2022 Security Patch Missing for Samsung
- 671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
- 671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
- 671505 EulerOS Security Update for kernel (EulerOS-SA-2022-1489)
- 671535 EulerOS Security Update for kernel (EulerOS-SA-2022-1508)
- 751700 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0363-1)
- 751704 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0370-1)
- 752005 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0370-1)
- 753172 SUSE Enterprise Linux Security Update for the Linux RT Kernel (SUSE-SU-2022:0543-1)
- 753212 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0363-1)