{"id":"PUB-A-171418586","details":"In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-171418586","CVE-2021-0938"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"http://android.googlesource.com/kernel/common/+/b207caff4176"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/b207caff4176"],"vanir_signatures":[{"id":"PUB-A-171418586-d5f38565","signature_version":"v1","signature_type":"Line","target":{"file":"include/linux/compiler.h"},"source":"https://android.googlesource.com/kernel/common/+/b207caff4176","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["155912257525755603248824695362303775945","332555238510405985194080792431790876117","145223449976152462925900263703735570961","189588853937692635912054551593829697886","171476834957445749975955936806750340909","322830413972318245308229436526543128295","101517464112037253994975915085192448931"]}}],"severity":"Moderate","types":["ID"],"spl":"2021-10-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-171418586.json"}}],"schema_version":"1.7.5"}