{"id":"PUB-A-154177719","details":"In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-154177719","CVE-2021-0941"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"net/core/filter.c","function":"__bpf_skb_max_len"},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae","id":"PUB-A-154177719-2659fae5","digest":{"length":143,"function_hash":"137750596739827142383440686567359026006"},"signature_version":"v1","deprecated":false},{"target":{"file":"net/core/filter.c","function":"__bpf_skb_change_tail"},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae","deprecated":false,"id":"PUB-A-154177719-41b834ea","signature_version":"v1","digest":{"length":539,"function_hash":"80986673427504888426221350849878848789"}},{"signature_type":"Line","target":{"file":"net/core/filter.c"},"source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae","id":"PUB-A-154177719-4e51491f","digest":{"line_hashes":["259945764881074619719629723458681249767","211702882046350222074973401003562500487","151907955510445705390785540960532420052","68176734093958623301963053393629470950","225562373724743555382354025186081879072","190028318914772261028234194399779291138","93796378132038944792557713097547750487","336181921167223465394791960094320316759","311820212607240749522446917574931627995","146807328354191437961850864036584372226","237655477908554768622172785463694605008","27574865760179538416505590557967602693","69736329567188186914680998775123579129","2733381238734308438062737694884319427","30411977170196555566438412885086409555","104428656257482569784448451277521778580","75343475432331829089969446875794635965","160501476631950876016368629880894036894","17352010099512609550099766235438737832","93165544051822768836533468225061610095"],"threshold":0.9},"signature_version":"v1","deprecated":false},{"signature_type":"Function","target":{"file":"net/core/filter.c","function":"BPF_CALL_4"},"source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae","id":"PUB-A-154177719-6204ae5f","digest":{"length":1091,"function_hash":"67194930366748494138991667952683909923"},"signature_version":"v1","deprecated":false},{"target":{"file":"net/core/filter.c","function":"__bpf_skb_change_head"},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae","digest":{"length":434,"function_hash":"133660366625343567883229768301105442654"},"deprecated":false,"signature_version":"v1","id":"PUB-A-154177719-72072798"}],"types":["EoP"],"fixes":["https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"],"severity":"Moderate","spl":"2021-10-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-154177719.json"}}],"schema_version":"1.7.5"}