CVE-2021-39680

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to the sec SHA256 Transform function in the sha256 core.c file, where uninitialized data could lead to reading heap data. This might cause local information disclosure, requiring System execution privileges for exploitation. No user interaction is needed for this issue to be exploited.

Recommendations For Android kernel, consider applying a patch or fix that initializes the necessary data in the sec SHA256 Transform function to prevent heap data disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.