CVE-2021-0887 — Use of Uninitialized Resource in Google Android

CWE-908 — Use of Uninitialized Resource4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedAug 24

Latest updateAug 25

Description

In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-fm5w-336q-vfgr: In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data↗2022-08-25

▶

OSV

CVE-2021-0887: In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data↗2022-08-01

▶

📋Vendor Advisories

Android

CVE-2021-0887: PowerVR-GPU↗2022-08-01

▶