{"id":"PUB-A-191191879","details":"In sctp_wait_for_sndbuf of socket.c, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-191191879","CVE-2018-25015"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2021-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-11-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/a0ff660058b88d12625a783ce9e5c1371c87951f"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-11-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"line_hashes":["161440026640161238937255497205652366722","166896863108492209158237495159788846437","223860417456292450803140605217402891065","210456367631101530300657116600036694118","237777062920378449233657794985847342391","278012447065204218890908734041039357011","331614554834821072697861657940117163471","178650493169087938070146189829536330318","197076462926417907330935773542779761980","182760778930332685684967791520172818661","220600775586802911864186653955225149037","141603963500809161597629767413396204291","17767916853563208975470494862368186917","95108359713653449930249440349235487136","338354093051679488849685348264751873804","119929906587483203789517481165384647900","181648542817072038655607995641365685842","117359743880724450296820603826606463161","61748690895858767997432211545774538564","10858248066023894216951201326331096064","114951862003674669757708441705527890580","169792679937063316259977461247257911674","265710249301780992029112315883181302264","159087307297349208422956816081753698060","48545306500697272270179214074230945302","247653729167444084821210923403423765144","68147848313107386147661406810849818272","315023451341380403884119345778228100961","118403494614252980446332566965611223941"],"threshold":0.9},"source":"https://android.googlesource.com/kernel/common/+/a0ff660058b88d12625a783ce9e5c1371c87951f","target":{"file":"net/sctp/socket.c"},"signature_type":"Line","id":"PUB-A-191191879-62efbbcd","deprecated":false,"signature_version":"v1"},{"digest":{"length":1086,"function_hash":"228276958924351202909308293677605884005"},"source":"https://android.googlesource.com/kernel/common/+/a0ff660058b88d12625a783ce9e5c1371c87951f","deprecated":false,"signature_type":"Function","target":{"function":"sctp_wait_for_sndbuf","file":"net/sctp/socket.c"},"id":"PUB-A-191191879-991dd491","signature_version":"v1"},{"digest":{"length":7094,"function_hash":"162780646626966239124101143148513186694"},"source":"https://android.googlesource.com/kernel/common/+/a0ff660058b88d12625a783ce9e5c1371c87951f","deprecated":false,"signature_type":"Function","target":{"function":"sctp_sendmsg","file":"net/sctp/socket.c"},"id":"PUB-A-191191879-c08c347a","signature_version":"v1"}],"types":["EoP"],"severity":"Moderate","spl":"2021-11-05","fixes":["https://android.googlesource.com/kernel/common/+/a0ff660058b88d12625a783ce9e5c1371c87951f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-191191879.json"}}],"schema_version":"1.7.5"}