{"id":"PUB-A-186337918","details":"In several functions of verifier.c, there is a possible way to disclose kernel memory due to side channel information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-186337918","CVE-2021-29155"],"modified":"2026-03-11T05:24:56.171278Z","published":"2021-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/9601148392520e2e134936e76788fc2a6371e7be"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/6f55b2f2a1178856c19bbce2f71449926e731914"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/24c109bb1537c12c02aeed2d51a347b4d6a9b76e"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/b658bbb844e28f1862867f37e8ca11a8e2aa94a3"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/073815b756c51ba9d8384d924c5d1c03ca3d1ae4"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/f528819334881fd622fdadeddb3f7edaed8b7c9b"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2021-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"spl":"2021-10-05","fixes":["https://android.googlesource.com/kernel/common/+/9601148392520e2e134936e76788fc2a6371e7be","https://android.googlesource.com/kernel/common/+/6f55b2f2a1178856c19bbce2f71449926e731914","https://android.googlesource.com/kernel/common/+/24c109bb1537c12c02aeed2d51a347b4d6a9b76e","https://android.googlesource.com/kernel/common/+/b658bbb844e28f1862867f37e8ca11a8e2aa94a3","https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d","https://android.googlesource.com/kernel/common/+/073815b756c51ba9d8384d924c5d1c03ca3d1ae4","https://android.googlesource.com/kernel/common/+/f528819334881fd622fdadeddb3f7edaed8b7c9b","https://android.googlesource.com/kernel/common/+/7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"],"severity":"Moderate","types":["ID"],"vanir_signatures":[{"deprecated":false,"id":"PUB-A-186337918-02a72700","target":{"file":"kernel/bpf/verifier.c","function":"retrieve_ptr_limit"},"signature_type":"Function","digest":{"length":881,"function_hash":"142326869828688370603557871141678287265"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"},{"deprecated":false,"id":"PUB-A-186337918-0f1c142f","target":{"file":"kernel/bpf/verifier.c","function":"retrieve_ptr_limit"},"signature_type":"Function","digest":{"length":893,"function_hash":"316239043046518439015850015893669889269"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"},{"deprecated":false,"id":"PUB-A-186337918-1e3cca6e","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["114301004794924848045714296215986753404","71749256150156277579716594244510955242","254795925386519137223243686941163251620","136716383469065413608097990589109564739","89522239158795419087619746193143309496","303867019925243015271991995456202807189","220133077614045257605013977394826688332","207816598696591912731465326274798505764","143249013821615246451946155096210564385","322905648790923695590636604558630132257","208531971942581623484382266463001326082","191457677137427027915940391032126859634","131835767377942775458282656710665350373","1374255815086099547607244284050934999","65124599339688074719155606165725099896","72183546918509789144407743841931259890","63273999810990037573422310029218508894","110745800579062450672445445614613932925","176003657337290295671243159164801845791","219819845571459262962131139114794685767","247672923117819337510085368947821032964","318856771309121580385049997873658480603","2617414769440252260239628661774883086","42787704106486038091599666075772155067","3924012355989222331556904442809048643","201434567567440715159172636521096933768","140858105517165341424224722910656318628","229370419234964954688414728046248697191","258998299724870782438903936233213308208","261789840756037996724382760861955391503","52791327772751745589192128743641147841","26727527826486794425523355313774759935","170410585260446876977220605793683320175","78090994072046059919359618610617509401","37506367817824648607155288995528558887","151112609099172857871811485927978261301","129195599419721061780218965167067348612","94982746926622883526728585657169804984","23941208122981566439189456124954578760","335851251418787678590809765426797561299","260682693075969492532434809911790329311","275229003933364267958253211912855836848","174777300302264713192934025392943171405","128215198036904777790300694596698863226","315329731831906047579021383969400823531","210287128960023494681452874915596781976","66351642444242204266103157498596263337","335319216995490082330647105102005323162","332459120380566545068414370036553615383","157757971496223130224727189730452117881","189512357794252429412003108592765790750","100602034378135394690177251695556722184","39848923121169685586605870857986851407","150203262932536143257858330574930925124","166564433755734152074346426454268092188","328959905041013827183270228634835782067","226221732338468509526422511133350200808","283914302533439136867461647554861139321","90221552522153860705530658621588944801","49368605745088328475664293898690747590","15877268267930370249456014927228255439","279054945790868548188692925606161907845","193503802923642470576137932870481994216","281860933786349660379103416131629177890"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"},{"deprecated":false,"id":"PUB-A-186337918-2384780a","target":{"file":"kernel/bpf/verifier.c","function":"adjust_ptr_min_max_vals"},"signature_type":"Function","digest":{"length":5483,"function_hash":"60870908949411455329061192303702779501"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/24c109bb1537c12c02aeed2d51a347b4d6a9b76e"},{"deprecated":false,"id":"PUB-A-186337918-23c55bb9","target":{"file":"kernel/bpf/verifier.c","function":"adjust_ptr_min_max_vals"},"signature_type":"Function","digest":{"length":5487,"function_hash":"164862801161063965694009978540384139876"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/6f55b2f2a1178856c19bbce2f71449926e731914"},{"deprecated":false,"id":"PUB-A-186337918-31179cdc","target":{"file":"kernel/bpf/verifier.c","function":"sanitize_ptr_alu"},"signature_type":"Function","digest":{"length":835,"function_hash":"160452684997634312016654078286960967430"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/6f55b2f2a1178856c19bbce2f71449926e731914"},{"deprecated":false,"id":"PUB-A-186337918-3e8cb33f","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["282058195687562348807590427065618562896","229491056612342112157534733552571010298","24098686306953093500402656621660559655","197443242739242875515893212178046111856","136783983040573813371244765474366764371","123563401680879400511556730884885576558","205921153490719296369803338620003546654","225341317714956895510542625910210530662","283415009912651935474711580666517776005","192904543428502092962290560719042398038","221074064320735200714409252319742698665","140254163173515040014738161207272852339","323250515656912679688432143519061003349","75703500411777127859942646105302643121","312221723989749002659137762668406974075","323289905906955971735130469896815318353","156179445604542804812792190578541516583","267868390585593816517915983992887850017","160495847613381060821701226266193473158"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/073815b756c51ba9d8384d924c5d1c03ca3d1ae4"},{"deprecated":false,"id":"PUB-A-186337918-4500bc44","target":{"file":"kernel/bpf/verifier.c","function":"adjust_scalar_min_max_vals"},"signature_type":"Function","digest":{"length":2906,"function_hash":"220733230987237144772736836785540259010"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/f528819334881fd622fdadeddb3f7edaed8b7c9b"},{"deprecated":false,"id":"PUB-A-186337918-600a1395","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["77442960050802318017876812559493279828","17024102001121765798611469774481744867","317420923171753003864553608592077412773","28790782144294165209606382352639598432","322566115669594912920201594012322327461","315394372177304065452348004302456537939","9710260800311349913489575272970318264","79744331044420135662543514852116749169","173958753945913611780335049680329315604","91353858336321839177407612782874704137","281121866354856682736356125141732049179","78120081378425938711158484242589393340","12681233806988702066940340265223172683","190325117125731474052243082973318793669","99065929489019578606292325744868239580","76080056008053321959766691794795573283","176748401582100084918356824603030810082","176166272087760497658427359553450459014","53489083422022700743345050693036682854","92698929727185929191414450349533153952","20934781664022044134356079199617571148","240827568142428504439373417182596109529","29570101623088431545270829205553503809","103414314099636969154622259445362891080","334930419479257539789805211069697029932","230854622574928264560172461107740349273","124093624003048441552304101444919791307","129820969237192913484681455087087279687"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/b658bbb844e28f1862867f37e8ca11a8e2aa94a3"},{"deprecated":false,"id":"PUB-A-186337918-6326f41b","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["103381520136910515326319962908350619792","174671424062403317975331388893570055356","240138156490599121090017960305332017170","61538807258198900382036402616293581741","164789574237162029473849685868090933925","152598167109669477434781474109259295991","19833889899567726430103307955643145870","37915013268495139981619116539606986265","339628609768221077499045785554570858040","127171693933109560675765896771415348912","2827028564972159045492176152675064713","281665525742919943358003718327045116952","154205237447540980422613041993411640179","277248056179856428323883280196159250863","51619959257697419040360827431265675288","320873981949883250169675360434733681353","54309377834036054453075276415501086305","291147809898473125455233745190031336292","228907941431799189482458587946938987439","215058551496031886863212314320174235595","180273889910095370472478233335563311452","99247017949532833990554890180049661866","246017629092455155781646704554876433963","248558748876448854764262267301539635020","256967401235602108300502029958783705003","245874587135355277073503778848147423092","110578728074716448979661304221439680833"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/24c109bb1537c12c02aeed2d51a347b4d6a9b76e"},{"deprecated":false,"id":"PUB-A-186337918-66ae5573","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["218714449604499915071694496152356323250","45704365308297903021096708014382581274","337559564869367164935353401567183924801","286272596960287988914324541723015790463","31651886707842055480376838760699901522","276972620993420840103961910619076327396","10663515993386016079925984320512055971","110226294205823067773151592943417720580","10159363312468416494411373139083858061","229007737145066186988165548592200566373","224880947185908388246783261138729747607","10322464107095078227980000674642629487","37253300164757187743546013874133533409","47049342480494653258562682088782761012","96863880894955747406993311961143116688","138190035494557935594915829779364314815","307581971852586362949562012419242584368","182334636420870205911316796809877339874","65766865064511021184778102562587617964","200391326299233568889925386308167066475","248380800917530653289931174969630350531","134870460839031606626165630449261130974","246951637073595837889355820121401332160","211991352364883930535285279291394399775","308431547342429937292279092715558264872","16826815232114989779007611329666355583","9208282887981355045469600353505587300","113929299524522302058180961132103825417","80412179878676341024713492143350018712","304052767062712656945406038862972436159","1167191890427871827893471209599840187","277903420204662893063976861276523116429","218403699623223321300023898703005062395","198268347358126782002822913984997640338","160898182728783937668524384368658720067","283466069986278212952458825142613371547","113131266652001335102075890489587246797","333245929769086122320040392041756776377","308628460436977131723204329427590591947","153674347189071481141495294681311852841","179868309379708541183741148071118809048","30245767556070096008348750648808255909","76012561014517903681786343963048840990","128120564325291665045069176503699653329","122580673523133397609928565749697646576","249084933148502903653399747795131059787","12765023030365364359184909482460447171","104878718937763474962565409791071604649","148688740199615426218807273791977049627","237058203963425871482760356256811059175","279121862496495216908928487347795756801","296892783827672391565124721557533449945","268916771192513158724696988427715547471","281180860769557978304330871874727058476","55998260742504708179481514331255418923","167148449908504351643592200523687389853","11507441996209466956660011787504380593","114984108854163346958024591981773036019","100696395561043789672158484610323975890"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"},{"deprecated":false,"id":"PUB-A-186337918-68a348ec","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["18165135779466820786240274213792935398","95259640639970879322579420980295413419","239595718824113794663481850682138365523","129067249238655189403987183909363535355","7033306917882309472277196867027508268","229010441627964760320165366945862358838","146782000889997755148431255122921608307","151100974297558672289298084388186347251","184197069414713142732147949061168315429","52825033788360440135229320070253319667","223785969030333388027105467265623409792","84225908660257451551892265813981780750","56490882799611671169107109085776128232","148588434042610851386580508980923399027","25001129255759929241033037036513035837","62146069999977052098498354794415705089"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/6f55b2f2a1178856c19bbce2f71449926e731914"},{"deprecated":false,"id":"PUB-A-186337918-74f6465c","target":{"file":"kernel/bpf/verifier.c","function":"adjust_ptr_min_max_vals"},"signature_type":"Function","digest":{"length":5048,"function_hash":"17207822245785881964029576319337059621"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/073815b756c51ba9d8384d924c5d1c03ca3d1ae4"},{"deprecated":false,"id":"PUB-A-186337918-7a0224e9","target":{"file":"kernel/bpf/verifier.c","function":"adjust_ptr_min_max_vals"},"signature_type":"Function","digest":{"length":5479,"function_hash":"125843481326521891639350157180231397173"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/9601148392520e2e134936e76788fc2a6371e7be"},{"deprecated":false,"id":"PUB-A-186337918-82f8738d","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["246695606581409387158863810852610618632","89246996787328126017189709845583227179","264052653408367067844449628668108182984","3428031845225140226106607569969277222"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/9601148392520e2e134936e76788fc2a6371e7be"},{"deprecated":false,"id":"PUB-A-186337918-896dd233","target":{"file":"kernel/bpf/verifier.c","function":"sanitize_ptr_alu"},"signature_type":"Function","digest":{"length":883,"function_hash":"277855126346309130210651293157185251959"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"},{"deprecated":false,"id":"PUB-A-186337918-8d1d45cc","target":{"file":"kernel/bpf/verifier.c","function":"retrieve_ptr_limit"},"signature_type":"Function","digest":{"length":882,"function_hash":"129522929628026699063173342839688519691"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/b658bbb844e28f1862867f37e8ca11a8e2aa94a3"},{"deprecated":false,"id":"PUB-A-186337918-8fb7b09f","target":{"file":"kernel/bpf/verifier.c"},"signature_type":"Line","digest":{"line_hashes":["276212936261548033675879741196695640042","263703486728521075021701617948305086966","202666486935702327703733695467908503678","53250420407405182756027046396073323493","69933766410075455321307708383123635488","314869839819145421588173891579884645175","46034219613679250400620036970329016739","116869860216842570477607474408604336686","145696341565665631479227435976517860383","69586943159958324165359556286761090861","314237097369849413536459869340181107693","237058203963425871482760356256811059175","279121862496495216908928487347795756801","296892783827672391565124721557533449945","143309286410320140694751037650909870725","334961769804652349683799816591397383116","80973630786434542023160021663039562635","215339079482544718851252830779601427437","219978155788802681610624055512431915179"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/f528819334881fd622fdadeddb3f7edaed8b7c9b"},{"deprecated":false,"id":"PUB-A-186337918-9ed5fa16","target":{"file":"kernel/bpf/verifier.c","function":"retrieve_ptr_limit"},"signature_type":"Function","digest":{"length":721,"function_hash":"254203844896245676810631648929513771012"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/24c109bb1537c12c02aeed2d51a347b4d6a9b76e"},{"deprecated":false,"id":"PUB-A-186337918-acaa7c93","target":{"file":"kernel/bpf/verifier.c","function":"update_alu_sanitation_state"},"signature_type":"Function","digest":{"length":230,"function_hash":"102443136265330604787204548666536511157"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"},{"deprecated":false,"id":"PUB-A-186337918-c558fde6","target":{"file":"kernel/bpf/verifier.c","function":"sanitize_ptr_alu"},"signature_type":"Function","digest":{"length":877,"function_hash":"36952929240060046129653812201293762974"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/24c109bb1537c12c02aeed2d51a347b4d6a9b76e"},{"deprecated":false,"id":"PUB-A-186337918-c6b16c22","target":{"file":"kernel/bpf/verifier.c","function":"adjust_scalar_min_max_vals"},"signature_type":"Function","digest":{"length":3027,"function_hash":"60125803834267096025895124146004869023"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"},{"deprecated":false,"id":"PUB-A-186337918-cd741f3a","target":{"file":"kernel/bpf/verifier.c","function":"adjust_ptr_min_max_vals"},"signature_type":"Function","digest":{"length":4709,"function_hash":"263488447789254681595578708559886956860"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0"},{"deprecated":false,"id":"PUB-A-186337918-e3839194","target":{"file":"kernel/bpf/verifier.c","function":"adjust_ptr_min_max_vals"},"signature_type":"Function","digest":{"length":5166,"function_hash":"118425757277851489570446696058348173292"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"},{"deprecated":false,"id":"PUB-A-186337918-e9cf0629","target":{"file":"kernel/bpf/verifier.c","function":"sanitize_ptr_alu"},"signature_type":"Function","digest":{"length":879,"function_hash":"281371583213950479723288722972705128640"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a6aaece00a57fa6f22575364b3903dfbccf5345d"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/PUB-A-186337918.json"}}],"schema_version":"1.7.5"}