CVE-2021-0920 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-0920 PUBLISHED KEV

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel

EPSS 0.91% · 75.6th percentile

Risk Scores

EPSS Score

0.91%

75.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	linux-azure	4.13.0-1016.19, 4.15.0-1046.50, 4.15.0-1045.49
Ubuntu:18.04:LTS	linux-gke-4.15	4.15.0-1048.51, 4.15.0-1073.78, 4.15.0-1072.76
Ubuntu:Pro:FIPS:18.04:LTS	linux-gcp-fips	4.15.0-1001.1, 0
Ubuntu:18.04:LTS	linux-snapdragon	4.15.0-1099.108, 0, 4.4.0-1077.82
Ubuntu:18.04:LTS	linux-gkeop-5.4	5.4.0-1013.14~18.04.1, 0, 5.4.0-1001.1
Ubuntu:20.04:LTS	linux-bluefield	5.4.0-1013.16, 0, 5.4.0-1007.10
Ubuntu:Pro:FIPS-updates:20.04:LTS	linux-aws-fips	5.4.0-1021.21+fips2, 0
Ubuntu:Pro:FIPS-updates:20.04:LTS	linux-gcp-fips	0, 5.4.0-1021.21+fips1
Ubuntu:20.04:LTS	linux-raspi2	5.4.0-1006.6, 5.4.0-1004.4, 5.3.0-1015.17
Ubuntu:Pro:FIPS:16.04:LTS	linux-fips	0, 4.4.0-1002.2, 4.4.0-1001.1
Ubuntu:18.04:LTS	linux-hwe-edge	5.3.0-23.25~18.04.1, 5.3.0-22.24~18.04.1, 5.3.0-19.20~18.04.2
Ubuntu:Pro:16.04:LTS	linux	4.3.0-1.10, 4.3.0-2.11, 4.4.0-214.246
Ubuntu:20.04:LTS	linux-aws-5.8	5.8.0-1038.40~20.04.1, 5.8.0-1035.37~20.04.1, 0
Ubuntu:Pro:FIPS:20.04:LTS	linux-fips	0, 5.4.0-1007.8
Ubuntu:24.04:LTS	linux-raspi-realtime	6.8.0-2019.20, 0
Ubuntu:Pro:14.04:LTS	linux-aws	4.4.0-1025.26, 0, 4.4.0-1002.2
Ubuntu:Pro:FIPS:18.04:LTS	linux-fips	0, 4.15.0-1011.12
Ubuntu:20.04:LTS	linux-oracle-5.11	5.11.0-1016.17~20.04.1, 5.11.0-1013.14~20.04.1, 5.11.0-1008.8~20.04.1
Ubuntu:20.04:LTS	linux-oem-5.13	5.13.0-1009.10, 5.13.0-1010.11, 0
Ubuntu:Pro:FIPS-updates:18.04:LTS	linux-fips	4.15.0-1067.76, 4.15.0-1046.53, 4.15.0-1048.55

…and 73 more

Timeline

Nov 5, 2021 PoC Published
Dec 15, 2021 CVE Published
Dec 16, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 8, 2022 EPSS Score
May 23, 2022 CISA KEV Added
May 26, 2022 EPSS Score
Jul 20, 2022 EPSS Score
Sep 12, 2022 EPSS Score
Nov 4, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Feb 20, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-0920 third-party-advisory
https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca third-party-advisory
https://source.android.com/security/bulletin/2021-11-01 third-party-advisory
https://ubuntu.com/security/notices/USN-5361-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2021-0920 third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory
https://ubuntu.com/security/notices/USN-7720-1 vendor-advisory
Multiples vulnérabilités dans les produits Juniper advisory

Open in Interactive Console →