[ASB-A-169505740] Android Vomit Report

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

In __speculation_ctrl_update of process.c, there is a possible way to disable Speculative Store Bypass Disable due to a logic error, which allows for side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Package	Affected Version
pkg:generic/android#linux_kernel	>= :0, < :2021-01-05

Package	Fixed Version
pkg:generic/android#linux_kernel	= :2021-01-05

ID

ASB-A-169505740

Severity

high

URL

https://source.android.com/security/bulletin/2021-01-01

Published

2021-01-01T00:00:00
(3 years ago)

Modified

2024-07-31T14:43:08
(7 weeks ago)

Rights

Android Security Team

Other Advisories

Source	# ID	Name	URL
Advisory			https://source.android.com/security/bulletin/2021-01-01
Fix			https://android.googlesource.com/kernel/common/+/dbbe2ad02e9df26e372f38cc3e70dab9222c832e

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Fixed	pkg:generic/android#linux_kernel		android	= :2021-01-05
Affected	pkg:generic/android#linux_kernel		android	>= :0 < :2021-01-05

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date