{"id":"ASB-A-171705902","details":"In fixup_pi_state_owner of futex.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-171705902","CVE-2021-3347"],"modified":"2026-03-11T05:59:48.108819Z","published":"2021-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-08-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/6e7bfa046de8"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-08-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/kernel/common/+/6e7bfa046de8"],"severity":"High","vanir_signatures":[{"target":{"function":"futex_lock_pi","file":"kernel/futex.c"},"source":"https://android.googlesource.com/kernel/common/+/6e7bfa046de8","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-171705902-052b0830","digest":{"length":2430,"function_hash":"166407265836328870184724393860972034776"}},{"target":{"function":"__fixup_pi_state_owner","file":"kernel/futex.c"},"source":"https://android.googlesource.com/kernel/common/+/6e7bfa046de8","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-171705902-254205f3","digest":{"length":1316,"function_hash":"52949640630578686807464447965616679412"}},{"target":{"file":"kernel/futex.c"},"source":"https://android.googlesource.com/kernel/common/+/6e7bfa046de8","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-171705902-2c1fe69d","digest":{"threshold":0.9,"line_hashes":["277696547841446050299316128790771963006","101107537533451650815640847995199601132","115162581271208781200345521999499285431","51012072082526540972081746163334664266","94613011286892000345735233480715095720","326327256823949410873761865611659517621","122070659955104989871090937019300140704","29647631531214415691908176804216470396","299879371089825648946108712768808226346","166447846515058582747736052166524432350","88864922940187067070720626506787318460","99746421116309374202488546135233948575","96898120306017363035329849461750391371","233289239217512225928947734992927182810","28378800602613682390239154766405949555","135990521712881915955526603221964007810","203991696525893997486293058786271428298","134382814200124380347082578662335001414","308636226336762709767367156429249915955","142462741155204829755875419802479934399","257677037739395275968206792037470352289","238822028467281596831198266313399068469","266274011474161998918008606046402729078","120847358317147734599455306436992199178","329609493481011690307245500347116459679","111190485340161273643099597353625405826","311484847247301039108694392994162210355","130783198392241764045979051211405014248","1130404072891426559364165520840721390","45355317341531064560246639371770036050","321770519846562267143885334111396026602","332983991903622282988937649834858381754","134874418169471777179920312984975122439","292929451001655840653579458354093945884","124541674301364978156433733600978926598","122700454077057425567353402363786104533","74213820949545289180836633152480974650","28378800602613682390239154766405949555","239268973693329351446794496650353135289","88160930331730810177696987226318702245","207391404736208931911666446656132271797","178590677269267434442517898925464848043","308636226336762709767367156429249915955","141135455816156552100675934666676342740","90939628655534807682378130789175944108","189457668831571386176933099312645953475"]}},{"target":{"function":"futex_wait_requeue_pi","file":"kernel/futex.c"},"source":"https://android.googlesource.com/kernel/common/+/6e7bfa046de8","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-171705902-d819d704","digest":{"length":2243,"function_hash":"258296963401256066978420454997771824010"}}],"spl":"2021-08-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-171705902.json"}}],"schema_version":"1.7.5"}