PT-2020-7003 · Google+1 · Android Kernel+1
Published: 2020-11-13 · Updated: 2021-11-19 · CVE-2021-0938
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Android kernel
Description
The issue is a use of uninitialized data in the memzero_explicit function of compiler-clang.h, which could lead to a bypass of defense in depth. This might result in local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.
Recommendations
For Android kernel, consider applying the upstream kernel fix to resolve the issue.
As a temporary workaround, restrict access to sensitive data to minimize the risk of information disclosure until a patch is available.
Fix
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
Android Kernel
Astra Linux