CVE-2021-39698 — Use After Free in Google Android

CWE-416 — Use After Free12 documents8 sources

Severity

7.8HIGHNVD

OSV6.5

EPSS

0.0%

top 91.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Google Android

Timeline

PublishedMar 16

Latest updateApr 6

Description

In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianlinux/linux_kernel< 5.10.92-1+3

▶googlegoogle/android

▶debiandebian/linux< linux 5.15.15-1 (bookworm)

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

OSV

linux-azure-5.13, linux-oracle-5.13 vulnerabilities↗2022-04-06

▶

OSV

linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2022-03-22

▶

GHSA

GHSA-32r8-256r-q9p6: In aio_poll_complete_work of aio↗2022-03-17

▶

OSV

CVE-2021-39698: In aio_poll_complete_work of aio↗2022-03-16

▶

OSV

CVE-2021-39698: In aio_poll_complete_work of aio↗2022-03-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2022-04-06

▶

Ubuntu

Linux kernel vulnerabilities↗2022-03-22

▶

Red Hat

kernel: use-after-free in the file polling implementation↗2022-03-07

▶

Android

CVE-2021-39698: Kernel↗2022-03-01

▶

Debian

CVE-2021-39698: linux - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to...↗2021

▶

💬Community

Bugzilla

CVE-2021-39698 kernel: use-after-free in the file polling implementation↗2022-03-11

▶