In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-160822094
References: Upstream kernel.

References:
https://source.android.com/security/bulletin/pixel/2021-12-01
https://android.googlesource.com/kernel/common/+/64e6bbfff52db4bf6785fab9cffab850b2de6870
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2068260]
This was fixed for Fedora with the 5.10.7 stable kernel updates.
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.
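A triage check combining the two comments above (the 5.10.7 fix level stated for Fedora, and whether configfs.c is built at all), added here as an example and not taken from the bug report. It assumes the upstream Kconfig symbol CONFIG_USB_LIBCOMPOSITE is what builds drivers/usb/gadget/configfs.c and that the kernel config is installed as /boot/config-<release>; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2021-39648 from its kernel release
# string and kernel config file. Function names are hypothetical.

# version_ge A B: succeed when dotted version A >= B, compared numerically
# field by field (so 5.9.16 sorts below 5.10.7).
version_ge() {
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$first" = "$2" ]
}

# gadget_configfs_built CONFIG_FILE: succeed when the USB gadget composite
# library is built in (=y) or built as a module (=m).
# Assumption: CONFIG_USB_LIBCOMPOSITE is the symbol that pulls in configfs.c.
gadget_configfs_built() {
    grep -Eq '^CONFIG_USB_LIBCOMPOSITE=[ym]$' "$1"
}

# triage KERNEL_RELEASE CONFIG_FILE: print one of
#   not-built  the affected file is not compiled for this kernel
#   fixed      release is at or above 5.10.7, the level the report names
#   review     code is built and release is below 5.10.7; other stable
#              series may carry the fix at a different number, so check
#              the vendor changelog for the upstream commit
triage() {
    # Keep only the leading x.y.z, e.g. 5.10.6-200.fc33.x86_64 -> 5.10.6
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    if ! gadget_configfs_built "$2"; then
        echo "not-built"
    elif version_ge "$ver" "5.10.7"; then
        echo "fixed"
    else
        echo "review"
    fi
}

# Run against the local kernel when its config file is readable.
cfg="/boot/config-$(uname -r)"
if [ -r "$cfg" ]; then
    triage "$(uname -r)" "$cfg"
fi
```

A `review` result is conservative: it only means the code is present and the release is below the one fix level this report states.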
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-39648