CVE-2021-0920: Android Kernel Race Condition Vulnerability
First published: Wed Jul 28 2021(Updated: )
A flaw was found in the linux kernel, unix_gc() assumes that candidate sockets can never gain an external reference (i.e. be installed into an fd) while the unix_gc_lock is held. Except for MSG_PEEK this is guaranteed by modifying inflight count under the unix_gc_lock. References: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca</a>
Credit: security@android.com security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.47.1.el6 | 0:2.6.32-754.47.1.el6 |
| redhat/kernel-rt | <0:3.10.0-1160.59.1.rt56.1200.el7 | 0:3.10.0-1160.59.1.rt56.1200.el7 |
| redhat/kernel | <0:3.10.0-1160.59.1.el7 | 0:3.10.0-1160.59.1.el7 |
| redhat/kernel | <0:3.10.0-514.99.1.el7 | 0:3.10.0-514.99.1.el7 |
| redhat/kernel | <0:3.10.0-693.99.1.el7 | 0:3.10.0-693.99.1.el7 |
| redhat/kernel | <0:3.10.0-957.92.1.el7 | 0:3.10.0-957.92.1.el7 |
| redhat/kernel | <0:3.10.0-1062.66.1.el7 | 0:3.10.0-1062.66.1.el7 |
| redhat/kernel-rt | <0:4.18.0-348.20.1.rt7.150.el8_5 | 0:4.18.0-348.20.1.rt7.150.el8_5 |
| redhat/kernel | <0:4.18.0-348.20.1.el8_5 | 0:4.18.0-348.20.1.el8_5 |
| redhat/kernel | <0:4.18.0-147.64.1.el8_1 | 0:4.18.0-147.64.1.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.75.1.rt13.125.el8_2 | 0:4.18.0-193.75.1.rt13.125.el8_2 |
| redhat/kernel | <0:4.18.0-193.75.1.el8_2 | 0:4.18.0-193.75.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.40.1.rt7.112.el8_4 | 0:4.18.0-305.40.1.rt7.112.el8_4 |
| redhat/kernel | <0:4.18.0-305.40.1.el8_4 | 0:4.18.0-305.40.1.el8_4 |
| redhat/redhat-virtualization-host | <0:4.3.22-20220330.1.el7_9 | 0:4.3.22-20220330.1.el7_9 |
| redhat/kernel | <5.14 | 5.14 |
| Google Android Kernel | ||
| Android | ||
| Android | ||
| Debian | =9.0 | |
| IBM Security Guardium | <=11.3 | |
| IBM InfoSphere Guardium z/OS | <=11.4 | |
| IBM InfoSphere Guardium z/OS | <=11.5 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-0920 https://nvd.nist.gov/vuln/detail/CVE-2021-0920 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca
- https://bugzilla.redhat.com/show_bug.cgi?id=2031930
- https://access.redhat.com/errata/RHSA-2022:1417
- https://access.redhat.com/errata/RHSA-2022:0622
- https://access.redhat.com/errata/RHSA-2022:0592
- https://access.redhat.com/errata/RHSA-2022:0620
- https://access.redhat.com/errata/RHSA-2022:1106
- https://access.redhat.com/errata/RHSA-2022:1104
- https://access.redhat.com/errata/RHSA-2022:1107
- https://access.redhat.com/errata/RHSA-2022:1103
- https://access.redhat.com/errata/RHSA-2022:1324
- https://access.redhat.com/errata/RHSA-2022:1373
- https://access.redhat.com/errata/RHSA-2022:0819
- https://access.redhat.com/errata/RHSA-2022:0825
- https://access.redhat.com/errata/RHSA-2022:0849
- https://access.redhat.com/errata/RHSA-2022:0823
- https://access.redhat.com/errata/RHSA-2022:0851
- https://access.redhat.com/errata/RHSA-2022:0958
- https://access.redhat.com/errata/RHSA-2022:0629
- https://access.redhat.com/errata/RHSA-2022:0590
- https://access.redhat.com/errata/RHSA-2022:0636
- https://access.redhat.com/errata/RHSA-2022:0771
- https://access.redhat.com/errata/RHSA-2022:0772
- https://access.redhat.com/errata/RHSA-2022:0777
- https://access.redhat.com/errata/RHSA-2022:1263
- https://access.redhat.com/errata/RHSA-2022:0841
- https://access.redhat.com/security/cve/cve-2021-0920
- https://source.android.com/security/bulletin/2021-11-01
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://launchpad.net/bugs/cve/CVE-2021-0920
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2047640
- https://exchange.xforce.ibmcloud.com/vulnerabilities/215673
- https://www.ibm.com/support/pages/node/6999317 (Advisory)
- https://android.googlesource.com/kernel/common/+/cbcf01128d0a92e131bd09f1688fe032480b65ca
- https://source.android.com/docs/security/bulletin/2021-11-01 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2021-0920
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0920
- https://security-tracker.debian.org/tracker/CVE-2021-0920
- https://ubuntu.com/security/CVE-2021-0920
- https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca
- https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
- https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-0920.html
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2022:1417
- RHSA-2022:0622
- RHSA-2022:0592
- RHSA-2022:0620
- RHSA-2022:1106
- RHSA-2022:1104
- RHSA-2022:1107
- RHSA-2022:1103
- RHSA-2022:1324
- RHSA-2022:1373
- RHSA-2022:0819
- RHSA-2022:0825
- RHSA-2022:0849
- RHSA-2022:0823
- RHSA-2022:0851
- RHSA-2022:0958
- RHSA-2022:0629
- RHSA-2022:0590
- RHSA-2022:0636
- RHSA-2022:0771
- RHSA-2022:0772
- RHSA-2022:0777
- RHSA-2022:1263
- RHSA-2022:0841
- IBM-6999317
Frequently Asked Questions
What is the severity of CVE-2021-0920?
CVE-2021-0920 has a severity rating of medium, indicating it may allow a user to perform unauthorized operations in certain conditions.
How do I fix CVE-2021-0920?
To fix CVE-2021-0920, update the kernel to the specified remedial versions mentioned in the advisory.
What systems are affected by CVE-2021-0920?
CVE-2021-0920 affects various versions of the Linux kernel across different distributions such as Red Hat and Debian.
Can CVE-2021-0920 be exploited remotely?
CVE-2021-0920 does not grant remote exploitation capabilities and requires local access to exploit.
What conditions make CVE-2021-0920 a risk?
CVE-2021-0920 becomes a risk when system configurations allow untrusted users local access to the system.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/title
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-0920
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/references
- agent/remedy
- agent/trending
- agent/source
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/android-source
- source/Android
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/nvd-index
- collector/ibm-support
- source/IBM
- agent/tags
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/description
- agent/softwarecombine
- package-manager/redhat
- vendor/android
- canonical/google android kernel
- vendor/google
- canonical/android
- vendor/debian
- canonical/debian
- version/debian/9.0
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/11.3
- canonical/ibm infosphere guardium z/os
- version/ibm infosphere guardium z/os/11.4
- version/ibm infosphere guardium z/os/11.5
- package-manager/debian