CVE-2021-0509 — Race Condition in Google Android

CWE-362 — Race Condition CWE-416 — Use After Free5 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 91.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks AV Platform Hardware Interfaces Google Android

Timeline

PublishedJun 21

Latest updateMay 24

Description

In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/androidAndroid-9 Android-10 Android-11 Android-8.1

▶NVDgoogle/android4 versions+3

▶Androidplatform/frameworks_av9:0 — 9:2021-06-01+2

▶Androidplatform/hardware_interfaces8.1:0 — 8.1:2021-06-01+3

🔴Vulnerability Details

GHSA

GHSA-c7q8-63qc-28xc: In various functions of CryptoPlugin↗2022-05-24

▶

CVEList

CVE-2021-0509: In various functions of CryptoPlugin↗2021-06-21

▶

OSV

CVE-2021-0509: In various functions of CryptoPlugin↗2021-06-01

▶

📋Vendor Advisories

Android

CVE-2021-0509: Android Security Bulletin 2021-06-01 CVE: CVE-2021-0509 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2021-06-01

▶