CVE-2021-0535
published 2021-06-22
CVE-2021-0535: In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of…
Priority: P428 · medium · 6.7 (CVSS 3.1)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.11% (1.8th percentile)
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-168314741
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| platform | external_wpa_supplicant_8 | >= 11:0 < 11:2021-06-01 | 11:2021-06-01 |
CVSS provenance
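| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |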
GHSA
GHSA-37jr-rxv8-wwqj: In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix
ghsa_unreviewed·2022-05-24
CVE-2021-0535 [MEDIUM] CWE-416 GHSA-37jr-rxv8-wwqj: In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-168314741
OSV
CVE-2021-0535: In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix
osv·2021-06-01
CVE-2021-0535 CVE-2021-0535: In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-06-22