{"id":"PUB-A-216408350","details":"In fget() of multiple locations, there is a possible read after free  due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-216408350","ASB-A-216408350","CVE-2021-4083"],"modified":"2026-03-11T06:37:07.205109Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-05-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969"],"vanir_signatures":[{"target":{"function":"__fget_files","file":"fs/file.c"},"signature_type":"Function","deprecated":false,"id":"PUB-A-216408350-04872399","signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969","digest":{"function_hash":"50347399082138730567468486640168205875","length":312}},{"target":{"file":"fs/file.c"},"signature_type":"Line","deprecated":false,"id":"PUB-A-216408350-181bf3dd","signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969","digest":{"threshold":0.9,"line_hashes":["222339155623389242937145999001050522534","14210766515571077282217007477797530518","286959784734915952769508299362550069891","325423163522201025610882289272510867957"]}}],"spl":"2022-05-05","severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/PUB-A-216408350.json"}}],"schema_version":"1.7.5"}