{"id":"PUB-A-184847809","details":"In xt_compat_target_from_user of x_tables.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-184847809","CVE-2021-22555"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d"],"severity":"Moderate","spl":"2021-10-05","vanir_signatures":[{"id":"PUB-A-184847809-877d7e4d","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","target":{"file":"net/ipv4/netfilter/arp_tables.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["250593423097289763518840416180899252212","56390249934687615994851625980461256314","44907493427482642542144014318836975935"]},"deprecated":false,"signature_version":"v1"},{"id":"PUB-A-184847809-9d52b6eb","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","target":{"file":"net/ipv4/netfilter/ip_tables.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["250593423097289763518840416180899252212","119879805833018606111565140004790775799","286273123140828989782977022154800889535"]},"deprecated":false,"signature_version":"v1"},{"id":"PUB-A-184847809-a9136302","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","signature_type":"Function","target":{"function":"xt_compat_match_from_user","file":"net/netfilter/x_tables.c"},"digest":{"function_hash":"112288550243795503554430237613510029675","length":890},"deprecated":false,"signature_version":"v1"},{"id":"PUB-A-184847809-aa97388e","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","signature_type":"Line","target":{"file":"net/netfilter/x_tables.c"},"digest":{"line_hashes":["237625373789119390297176254960999706686","87577102913339808911945406432417054980","243149214489725621541896354095193215924","313533428094189779041700895437307180839","186947883349826844037560801970397235720","46953266724719743053130448565998017486","159182069764060489028296633136037278452","202674605857400815217350527310405552826","311565438486735987236693172628904305829","312786693420077244834599205298359989291","233758488829787199263408386307959095352","186349778077549529145395568979397022184","198239097157250657917742105892836947106","283350923594782428460620313757488673462","219860415905888908800391479734134435079","154263896549576825054297909621619357568","78777577887932545426992826309313531371","12210854144912036641856345140459556251","316008391328661218427615984556571210351","202721992762595883108358859022662568251"],"threshold":0.9},"signature_version":"v1","deprecated":false},{"id":"PUB-A-184847809-c4d75a1a","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","signature_type":"Function","target":{"function":"xt_compat_target_from_user","file":"net/netfilter/x_tables.c"},"digest":{"function_hash":"237265457552964565150363111904283971957","length":895},"deprecated":false,"signature_version":"v1"},{"id":"PUB-A-184847809-ceb06cdc","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","target":{"function":"translate_compat_table","file":"net/ipv4/netfilter/arp_tables.c"},"signature_type":"Function","digest":{"function_hash":"197367519223820433962020977817939286027","length":1812},"signature_version":"v1","deprecated":false},{"id":"PUB-A-184847809-dda47bcd","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","target":{"file":"net/ipv6/netfilter/ip6_tables.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["250593423097289763518840416180899252212","119879805833018606111565140004790775799","286273123140828989782977022154800889535"]},"deprecated":false,"signature_version":"v1"},{"id":"PUB-A-184847809-e7f612d9","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","target":{"function":"translate_compat_table","file":"net/ipv4/netfilter/ip_tables.c"},"signature_type":"Function","digest":{"function_hash":"334980115648599037794136451126372025221","length":1790},"deprecated":false,"signature_version":"v1"},{"id":"PUB-A-184847809-f9d2d880","source":"https://android.googlesource.com/kernel/common/+/b29c457a6511435960115c0f548c4360d5f4801d","signature_type":"Function","target":{"function":"translate_compat_table","file":"net/ipv6/netfilter/ip6_tables.c"},"digest":{"function_hash":"312055223986413050891550474343679527242","length":1796},"signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-184847809.json"}}],"schema_version":"1.7.5"}