{"id":"PUB-A-202511260","details":"In prealloc_elems_and_freelist of stackmap.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-202511260","CVE-2021-41864"],"modified":"2026-03-11T06:35:07.959148Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/30e29a9a2bc6a4888335a6ede968b75cd329657a"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-03-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"spl":"2022-03-05","vanir_signatures":[{"id":"PUB-A-202511260-3ca95fcd","target":{"file":"kernel/bpf/stackmap.c"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/30e29a9a2bc6a4888335a6ede968b75cd329657a","signature_type":"Line","digest":{"line_hashes":["138355671117931060601386443469335038030","21078963703448784961734780795509455909","307878453625655919730588976003179522762","90440858909143805989969151470339403945"],"threshold":0.9}},{"id":"PUB-A-202511260-7e8b55b7","target":{"file":"kernel/bpf/stackmap.c","function":"prealloc_elems_and_freelist"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/30e29a9a2bc6a4888335a6ede968b75cd329657a","signature_type":"Function","digest":{"length":472,"function_hash":"78331623464240500637050481890227317480"}}],"types":["EoP"],"fixes":["https://android.googlesource.com/kernel/common/+/30e29a9a2bc6a4888335a6ede968b75cd329657a"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/PUB-A-202511260.json"}}],"schema_version":"1.7.5"}