{"id":"PUB-A-154177719","details":"In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-154177719","CVE-2021-0941"],"modified":"2026-03-11T06:32:54.172720Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"spl":"2021-10-05","types":["EoP"],"severity":"Moderate","vanir_signatures":[{"deprecated":false,"target":{"file":"net/core/filter.c","function":"__bpf_skb_max_len"},"id":"PUB-A-154177719-2659fae5","signature_version":"v1","digest":{"function_hash":"137750596739827142383440686567359026006","length":143},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"},{"deprecated":false,"target":{"file":"net/core/filter.c","function":"__bpf_skb_change_tail"},"id":"PUB-A-154177719-41b834ea","signature_version":"v1","digest":{"function_hash":"80986673427504888426221350849878848789","length":539},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"},{"deprecated":false,"target":{"file":"net/core/filter.c"},"id":"PUB-A-154177719-4e51491f","signature_version":"v1","digest":{"line_hashes":["259945764881074619719629723458681249767","211702882046350222074973401003562500487","151907955510445705390785540960532420052","68176734093958623301963053393629470950","225562373724743555382354025186081879072","190028318914772261028234194399779291138","93796378132038944792557713097547750487","336181921167223465394791960094320316759","311820212607240749522446917574931627995","146807328354191437961850864036584372226","237655477908554768622172785463694605008","27574865760179538416505590557967602693","69736329567188186914680998775123579129","2733381238734308438062737694884319427","30411977170196555566438412885086409555","104428656257482569784448451277521778580","75343475432331829089969446875794635965","160501476631950876016368629880894036894","17352010099512609550099766235438737832","93165544051822768836533468225061610095"],"threshold":0.9},"signature_type":"Line","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"},{"deprecated":false,"target":{"file":"net/core/filter.c","function":"BPF_CALL_4"},"id":"PUB-A-154177719-6204ae5f","signature_version":"v1","digest":{"function_hash":"67194930366748494138991667952683909923","length":1091},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"},{"deprecated":false,"target":{"file":"net/core/filter.c","function":"__bpf_skb_change_head"},"id":"PUB-A-154177719-72072798","signature_version":"v1","digest":{"function_hash":"133660366625343567883229768301105442654","length":434},"signature_type":"Function","source":"https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"}],"fixes":["https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/PUB-A-154177719.json"}}],"schema_version":"1.7.5"}