{"id":"ASB-A-216408350","details":"In fget() of file.c, there is a possible read after free  due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-216408350","CVE-2021-4083","PUB-A-216408350"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-09-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"spl":"2022-09-05","fixes":["https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969"],"severity":"High","vanir_signatures":[{"id":"ASB-A-216408350-04872399","deprecated":false,"digest":{"length":312,"function_hash":"50347399082138730567468486640168205875"},"source":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969","target":{"file":"fs/file.c","function":"__fget_files"},"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-216408350-181bf3dd","deprecated":false,"digest":{"line_hashes":["222339155623389242937145999001050522534","14210766515571077282217007477797530518","286959784734915952769508299362550069891","325423163522201025610882289272510867957"],"threshold":0.9},"source":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969","signature_type":"Line","target":{"file":"fs/file.c"},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-216408350.json"}}],"schema_version":"1.7.5"}