{"id":"ASB-A-184018316","details":"In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-184018316","CVE-2021-0695"],"modified":"2026-06-12T15:08:17.296522730Z","published":"2021-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-09-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"oc-mr1:0"},{"fixed":"oc-mr1:2021-09-05"}]}],"versions":["oc-mr1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5"],"vanir_signatures":[{"target":{"file":"net/netfilter/xt_qtaguid.c","function":"if_tag_stat_update"},"id":"ASB-A-184018316-7df85947","digest":{"length":1631,"function_hash":"131779537519072004765476490002793534057"},"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5"},{"target":{"file":"net/netfilter/xt_qtaguid.c","function":"get_sock_stat"},"id":"ASB-A-184018316-96a31b8c","source":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5","signature_type":"Function","signature_version":"v1","deprecated":false,"digest":{"length":263,"function_hash":"91195615744510038661386414139581914347"}},{"target":{"file":"net/netfilter/xt_qtaguid.c"},"id":"ASB-A-184018316-a8c6ed88","digest":{"line_hashes":["278397177345140589566591461182343093978","51752122789903722980244326115004029799","330435944018187943760038544252241998324","18078589458524091784815110161741913366","58540722813992591870898939965021350757","115568354964023882450264680350507193383","87156564800015887755106394659465475687","49398822112535891548057254233523891024","139994637588002220619409478108260285778","244504278805933172363757650508034262170","195940410772466375878858442511497360995","179290040357666299212655823270773047559","300865721449012516697598217786461386205","182551232748227323562265552204725848751","272031042048563792146768819982800510677","43291952868841357695287477227019279783","147742840176630596912700515404456133466","125400409210754598265611985516975519584","76348534183481793128464354103261659099","111367549088528044360911432362948507565","129977411056890647077411004164407006450","156949500451627787520821017405303430612","164975546083953171750113604916281944332"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5"}],"spl":"2021-09-05","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-184018316.json"}},{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"pi:0"},{"fixed":"pi:2021-09-05"}]}],"versions":["pi"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5"],"vanir_signatures":[{"target":{"file":"net/netfilter/xt_qtaguid.c","function":"if_tag_stat_update"},"id":"ASB-A-184018316-328ec9d7","source":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5","signature_type":"Function","signature_version":"v1","deprecated":false,"digest":{"length":1631,"function_hash":"131779537519072004765476490002793534057"}},{"target":{"file":"net/netfilter/xt_qtaguid.c","function":"get_sock_stat"},"id":"ASB-A-184018316-4ced360a","source":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5","signature_type":"Function","signature_version":"v1","deprecated":false,"digest":{"length":263,"function_hash":"91195615744510038661386414139581914347"}},{"target":{"file":"net/netfilter/xt_qtaguid.c"},"id":"ASB-A-184018316-8f2f029e","digest":{"line_hashes":["278397177345140589566591461182343093978","51752122789903722980244326115004029799","330435944018187943760038544252241998324","18078589458524091784815110161741913366","58540722813992591870898939965021350757","115568354964023882450264680350507193383","87156564800015887755106394659465475687","49398822112535891548057254233523891024","139994637588002220619409478108260285778","244504278805933172363757650508034262170","195940410772466375878858442511497360995","179290040357666299212655823270773047559","300865721449012516697598217786461386205","182551232748227323562265552204725848751","272031042048563792146768819982800510677","43291952868841357695287477227019279783","147742840176630596912700515404456133466","125400409210754598265611985516975519584","76348534183481793128464354103261659099","111367549088528044360911432362948507565","129977411056890647077411004164407006450","156949500451627787520821017405303430612","164975546083953171750113604916281944332"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/2398e650c58a6f4877dafce649188290f6e3b4f5"}],"spl":"2021-09-05","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-184018316.json"}}],"schema_version":"1.7.5"}