CVE-2021-0948 — Use of Uninitialized Resource in Google Android

CWE-908 — Use of Uninitialized Resource4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 91.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedJul 13

Description

The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5google/androidAndroid SoC

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-hfh2-mjpv-g64v: The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space↗2023-07-13

▶

OSV

CVE-2021-0948: The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space↗2023-07-01

▶

📋Vendor Advisories

Android

CVE-2021-0948: PowerVR-GPU↗2023-07-01

▶