CVE-2021-0395 — Use After Free in Google Android

CWE-416 — Use After Free5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 95.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System Core Google Android

Timeline

PublishedMar 10

Latest updateMay 24

Description

In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-11

▶NVDgoogle/android11.0

▶Androidplatform/system_core11:0 — 11:2021-03-01

🔴Vulnerability Details

GHSA

GHSA-p96h-697j-3c35: In StopServicesAndLogViolations of reboot↗2022-05-24

▶

CVEList

CVE-2021-0395: In StopServicesAndLogViolations of reboot↗2021-03-10

▶

OSV

CVE-2021-0395: In StopServicesAndLogViolations of reboot↗2021-03-01

▶

📋Vendor Advisories

Android

CVE-2021-0395: Android Security Bulletin 2021-03-01 CVE: CVE-2021-0395 Severity: HIGH Type: EoP Affected AOSP versions: 11 References: A-170315126↗2021-03-01

▶