{"id":"ASB-A-169505929","details":"In ib_prctl_set of bugs.c, there is a possible way to re-enable indirect branch speculation due to a permissions bypass. This could lead to local information disclosure via a Spectre v2 attack with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-169505929","CVE-2020-10768"],"modified":"2026-03-11T05:57:40.631882Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"spl":"2021-10-05","vanir_signatures":[{"id":"ASB-A-169505929-8ef931fc","source":"https://android.googlesource.com/kernel/common/+/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf","deprecated":false,"signature_version":"v1","digest":{"function_hash":"337582401683084583128489187843894130475","length":949},"signature_type":"Function","target":{"function":"ib_prctl_set","file":"arch/x86/kernel/cpu/bugs.c"}},{"id":"ASB-A-169505929-e316d259","source":"https://android.googlesource.com/kernel/common/+/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["96293375478824141631754960072640988953","36152342845344979984605625203388829799","8460226663272733964146612779976990208","138461365038257326585673897414895695562","47823671850491995274274841138110324739","237551085397149107198675647758349576371"],"threshold":0.9},"signature_type":"Line","target":{"file":"arch/x86/kernel/cpu/bugs.c"}}],"fixes":["https://android.googlesource.com/kernel/common/+/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf"],"severity":"High","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-169505929.json"}}],"schema_version":"1.7.5"}