Vulnerability CVE-2021-39648

Vulnerability Name:

CVE-2021-39648 (CCN-215404)

Assigned:

2021-12-08

Published:

2021-12-08

Updated:

2022-07-12

Summary:

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel

CVSS v3 Severity:

4.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.6 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-362

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2021-39648

Source: XF
Type: UNKNOWN
android-cve202139648-info-disc(215404)

Source: CCN
Type: Android Open Source Project
Pixel Update Bulletin - December 2021

Source: MISC
Type: Patch, Vendor Advisory
https://source.android.com/security/bulletin/pixel/2021-12-01

Vulnerable Configuration:

Configuration 1:

cpe:/o:google:android:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:google:android:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:4740	P	Security update for the Linux RT Kernel (Critical)	2022-02-22
oval:org.opensuse.security:def:42343	P	Security update for the Linux RT Kernel (Critical)	2022-02-21
oval:org.opensuse.security:def:102157	P	Security update for the Linux RT Kernel (Critical)	2022-02-21
oval:org.opensuse.security:def:1600	P	Security update for the Linux RT Kernel (Critical)	2022-02-21
oval:org.opensuse.security:def:42199	P	Security update for the Linux RT Kernel (Critical)	2022-02-21
oval:org.opensuse.security:def:118440	P	Security update for the Linux RT Kernel (Critical)	2022-02-21
oval:org.opensuse.security:def:1812	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:938	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:127358	P	Security update for the Linux Kernel (Important)	2022-02-11
oval:org.opensuse.security:def:101851	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:99210	P	(Critical)	2022-02-11
oval:org.opensuse.security:def:125394	P	Security update for the Linux Kernel (Important)	2022-02-11
oval:org.opensuse.security:def:100414	P	(Critical)	2022-02-11
oval:org.opensuse.security:def:1189	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:101894	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:99484	P	(Critical)	2022-02-11
oval:org.opensuse.security:def:102310	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:125797	P	Security update for the Linux Kernel (Important)	2022-02-11
oval:org.opensuse.security:def:100748	P	(Critical)	2022-02-11
oval:org.opensuse.security:def:1241	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:101998	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:99746	P	(Critical)	2022-02-11
oval:org.opensuse.security:def:1758	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:102356	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:126960	P	Security update for the Linux Kernel (Important)	2022-02-11
oval:org.opensuse.security:def:101630	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:6159	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:42337	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:1418	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:125120	P	Security update for the Linux Kernel (Important)	2022-02-11
oval:org.opensuse.security:def:100076	P	(Critical)	2022-02-11
oval:org.opensuse.security:def:119300	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:6356	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:1563	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:118805	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:5341	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:42193	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:119483	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:118239	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:4304	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:118995	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:6158	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:119668	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:4677	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:119102	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:102124	P	Security update for the Linux Kernel (Critical)	2022-02-10
oval:org.opensuse.security:def:118659	P	Security update for the Linux Kernel (Critical)	2022-02-10

BACK