{"id":"PUB-A-215387420", "published":"2022-06-01T00:00:00Z", "modified":"2026-05-18T15:08:09.253695533Z", "aliases":["CVE-2021-39806", "A-215387420"], "details":"In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/selinux", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L-next:0"}, {"fixed":"12L-next:2022-06-01"}]}], "versions":["12L-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/selinux/+/98fa1b865d52d97c06b754d1c2cfb69315997b65"], "severity":"Moderate", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["147964945417207699165835323731164294777", "188581824255746068532163302509815792704", "13414737792697373489248572050824066582"], "threshold":0.9}, "id":"PUB-A-215387420-63757973", "match_only_versions":["12L-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/selinux/+/98fa1b865d52d97c06b754d1c2cfb69315997b65", "target":{"file":"libselinux/src/label_backends_android.c"}}, {"deprecated":false, "digest":{"function_hash":"334210609469257421118557946681882990922", "length":387}, "id":"PUB-A-215387420-d0ab893d", "match_only_versions":["12L-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/selinux/+/98fa1b865d52d97c06b754d1c2cfb69315997b65", "target":{"file":"libselinux/src/label_backends_android.c", "function":"closef"}}]}}, {"package":{"name":"platform/external/selinux", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/selinux/+/98fa1b865d52d97c06b754d1c2cfb69315997b65"], "severity":"Moderate", "spl":"2022-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"334210609469257421118557946681882990922", "length":387}, "id":"PUB-A-215387420-335fbbac", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/selinux/+/98fa1b865d52d97c06b754d1c2cfb69315997b65", "target":{"file":"libselinux/src/label_backends_android.c", "function":"closef"}}, {"deprecated":false, "digest":{"line_hashes":["147964945417207699165835323731164294777", "188581824255746068532163302509815792704", "13414737792697373489248572050824066582"], "threshold":0.9}, "id":"PUB-A-215387420-d8cf79d2", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/selinux/+/98fa1b865d52d97c06b754d1c2cfb69315997b65", "target":{"file":"libselinux/src/label_backends_android.c"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-06-01"}]}