{"id":"ASB-A-216408350","details":"In fget() of file.c, there is a possible read after free  due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-216408350","CVE-2021-4083","PUB-A-216408350"],"modified":"2026-03-11T06:19:00.182187Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-09-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"severity":"High","types":["EoP"],"vanir_signatures":[{"digest":{"function_hash":"50347399082138730567468486640168205875","length":312},"signature_type":"Function","deprecated":false,"target":{"file":"fs/file.c","function":"__fget_files"},"source":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969","signature_version":"v1","id":"ASB-A-216408350-04872399"},{"digest":{"threshold":0.9,"line_hashes":["222339155623389242937145999001050522534","14210766515571077282217007477797530518","286959784734915952769508299362550069891","325423163522201025610882289272510867957"]},"signature_type":"Line","deprecated":false,"target":{"file":"fs/file.c"},"source":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969","signature_version":"v1","id":"ASB-A-216408350-181bf3dd"}],"fixes":["https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969"],"spl":"2022-09-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-216408350.json"}}],"schema_version":"1.7.5"}