In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel. References: https://source.android.com/security/bulletin/pixel/2021-10-01 https://android.googlesource.com/kernel/common/+/b207caff4176
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2018213]
This was fixed for Fedora with the 5.9.15 stable kernel updates.