CVE-2021-1024Out-of-bounds Read in Google Android

CWE-125Out-of-bounds ReadCWE-401Missing Release of Memory after Effective LifetimeCWE-476NULL Pointer DereferenceCWE-402Resource LeakCWE-674Uncontrolled Recursion16 documents5 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 97.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedDec 15
Latest updateSep 16

Description

In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191283525

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-12
NVDgoogle/android12.0
Androidplatform/frameworks_base12:012:2021-12-01

🔴Vulnerability Details

2
GHSA
GHSA-rgr9-47fx-rg94: In onEventReceived of EventResultPersister2021-12-16
OSV
CVE-2021-1024: In onEventReceived of EventResultPersister2021-12-01

💥Exploits & PoCs

5
Exploit-DB
HTMLDOC 1.9.13 - Stack Buffer Overflow2025-09-16
Exploit-DB
Apache Log4j2 2.14.1 - Information Disclosure2021-12-14
Exploit-DB
CHIYU IoT Devices - 'Telnet' Authentication Bypass2021-06-03
Exploit-DB
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)2021-05-26
Exploit-DB
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)2021-05-21

📋Vendor Advisories

6
Red Hat
kernel: usb: fix various gadget panics on 10gbps cabling2024-05-21
Red Hat
kernel: sched: Fix out-of-bound access in uclamp2024-02-28
Red Hat
kernel: drm/amd/display: Free local data after use2024-02-28
Red Hat
kernel: virtiofs: fix memory leak in virtio_fs_probe()2024-02-27
Red Hat
systemd: Uncontrolled recursion in systemd-tmpfiles when removing files2022-01-10
CVE-2021-1024 — Out-of-bounds Read in Google Android | cvebase