[ASB-A-169505740] Android Vomit Report
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
In __speculation_ctrl_update of process.c, there is a possible way to disable Speculative Store Bypass Disable due to a logic error, which allows for side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Package | Affected Version |
---|---|
pkg:generic/android#linux_kernel | >= :0, < :2021-01-05 |
Package | Fixed Version |
---|---|
pkg:generic/android#linux_kernel | = :2021-01-05 |
- ID
- ASB-A-169505740
- Severity
- high
- URL
- https://source.android.com/security/bulletin/2021-01-01
- Published
-
2021-01-01T00:00:00
(3 years ago) - Modified
-
2024-07-31T14:43:08
(7 weeks ago) - Rights
- Android Security Team
- Other Advisories
-
- ALAS-2020-1401
- ALAS2-2020-1465
- ELSA-2020-3010
- FEDORA-2020-125ccdc871
- FEDORA-2020-1b2dae6219
- MS:CVE-2020-10766
- openSUSE-SU-2020:0935-1
- openSUSE-SU-2020:1153-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:3010
- RHSA-2020:3016
- RHSA-2020:3073
- SUSE-SU-2020:1693-1
- SUSE-SU-2020:1699-1
- SUSE-SU-2020:1713-1
- SUSE-SU-2020:2027-1
- SUSE-SU-2020:2103-1
- SUSE-SU-2020:2105-1
- SUSE-SU-2020:2106-1
- SUSE-SU-2020:2107-1
- SUSE-SU-2020:2121-1
- SUSE-SU-2020:2134-1
- SUSE-SU-2020:2156-1
- SUSE-SU-2020:2478-1
- SUSE-SU-2020:2487-1
- USN-4427-1
- USN-4439-1
- USN-4440-1
- USN-4483-1
- USN-4485-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:generic/android#linux_kernel | android | = :2021-01-05 | ||||
Affected | pkg:generic/android#linux_kernel | android | >= :0 < :2021-01-05 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |