{"id":"CVE-2021-39648","details":"In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel","aliases":["A-160822094","PUB-A-160822094"],"modified":"2026-04-10T04:37:23.365638Z","published":"2021-12-15T19:15:15Z","related":["SUSE-SU-2022:0362-1","SUSE-SU-2022:0363-1","SUSE-SU-2022:0364-1","SUSE-SU-2022:0365-1","SUSE-SU-2022:0366-1","SUSE-SU-2022:0367-1","SUSE-SU-2022:0370-1","SUSE-SU-2022:0371-1","SUSE-SU-2022:0372-1","SUSE-SU-2022:0477-1","SUSE-SU-2022:0543-1","SUSE-SU-2022:0544-1","SUSE-SU-2022:0555-1","openSUSE-SU-2022:0363-1","openSUSE-SU-2022:0366-1","openSUSE-SU-2022:0370-1"],"references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/pixel/2021-12-01"},{"type":"FIX","url":"https://source.android.com/security/bulletin/pixel/2021-12-01"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}