CVE-2021-39640

Name of the Vulnerable Software and Affected Versions: Android kernel

Description: The issue is related to a possible out of bounds write in the dwc3 gadget ep0 queue function of ep0.c due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations: For Android kernel, consider applying a patch that properly implements locking mechanisms in the dwc3 gadget ep0 queue function to prevent out of bounds writes. As a temporary workaround, restrict access to sensitive areas of the kernel to minimize the risk of exploitation.