CVE-2021-0520 — Race Condition in Google Android

CWE-362 — Race Condition CWE-416 — Use After Free5 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 91.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks AV Google Android

Timeline

PublishedJun 21

Latest updateMay 24

Description

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-11 Android-10

▶NVDgoogle/android10.0, 11.0+1

▶Androidplatform/frameworks_av10:0 — 10:2021-06-01+1

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-pmm6-qxj3-9jr6: In several functions of MemoryFileSystem↗2022-05-24

▶

CVEList

CVE-2021-0520: In several functions of MemoryFileSystem↗2021-06-21

▶

OSV

CVE-2021-0520: In several functions of MemoryFileSystem↗2021-06-01

▶

📋Vendor Advisories

Android

CVE-2021-0520: Android Security Bulletin 2021-06-01 CVE: CVE-2021-0520 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11 References: A-176237595↗2021-06-01

▶