{"id":"PUB-A-168881044","details":"In hugetlb_sysctl_handler_common and related functions of hugetlb.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-168881044","CVE-2020-25285"],"modified":"2026-05-28T15:16:54.500952700Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","id":"PUB-A-168881044-25b7b243","source":"https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467","deprecated":false,"target":{"file":"mm/hugetlb.c"},"digest":{"line_hashes":["78427202925527779349980016267686973995","338377802588085533664388610784190761551","256267166488348839840768874250796996296","4970458604033063215999046892688571996","308375545043524342862824577489080759380","316161863518024943443887858991207575451","328824381190401889148034092091657180502","123731079449201011466761021242276376826","90693052548908672831086892649478154469","124377126167245379507221920113642622334","312595602721307417037474824336717395303","34370117864617520962682324390996520906","237607865337097299852604719082629131461","123731079449201011466761021242276376826","90693052548908672831086892649478154469","121859444371198340807101242839924512618"],"threshold":0.9},"signature_version":"v1"},{"signature_type":"Function","id":"PUB-A-168881044-581ada1c","source":"https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467","deprecated":false,"target":{"function":"hugetlb_sysctl_handler_common","file":"mm/hugetlb.c"},"digest":{"function_hash":"302141843589403206817579250493394775559","length":500},"signature_version":"v1"},{"id":"PUB-A-168881044-73179552","signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467","deprecated":false,"target":{"function":"hugetlb_overcommit_handler","file":"mm/hugetlb.c"},"digest":{"function_hash":"154081086041580517127473271631497752087","length":586},"signature_version":"v1"}],"types":["EoP"],"spl":"2021-10-05","severity":"Moderate","fixes":["https://android.googlesource.com/kernel/common/+/17743798d81238ab13050e8e2833699b54e15467"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-168881044.json"}}],"schema_version":"1.7.5"}