CVE-2021-0703 — Use After Free in Google Android

CWE-416 — Use After Free5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.0%

top 96.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System Core Google Android

Timeline

PublishedOct 22

Latest updateMay 24

Description

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-11

▶NVDgoogle/android11.0

▶Androidplatform/system_core12-next:0 — 12-next:2021-10-01+2

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5f5-hqc8-7rx6: In SecondStageMain of init↗2022-05-24

▶

CVEList

CVE-2021-0703: In SecondStageMain of init↗2021-10-22

▶

OSV

CVE-2021-0703: In SecondStageMain of init↗2021-10-01

▶

📋Vendor Advisories

Android

CVE-2021-0703: Android Security Bulletin 2021-10-01 CVE: CVE-2021-0703 Severity: HIGH Type: EoP Affected AOSP versions: 11 References: A-184569329↗2021-10-01

▶