CVE-2021-1905
published 2021-05-07

Priority: P180 high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-05-03
ITW: Exploited in the wild
EPSS: 1.15% (62.9th percentile)

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

Affected

1 range

Vendor | Product | Version range | Fixed in
google | android |               |

Detection & IOCs (extracted from sources)

  • CVE-2021-1905 is a use-after-free in the Qualcomm GPU/Display component due to improper handling of memory mapping of multiple processes simultaneously; the patch reference is Android Security Bulletin 2021-05-01, component: Display
  • Track Android patch reference A-178809945 / QC-CR#2826864 for CVE-2021-1905 in the Display component; severity is HIGH per the Android Security Bulletin
  • CVE-2021-1905 affects a broad range of Qualcomm chipset families; ensure patching covers all relevant product lines: Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables
  • The CISA-mandated remediation due date was 2022-05-03; any unpatched devices in scope should be treated as actively exploitable

CVSS provenance

Source    | Version | Score | Severity | Vector
nvd       | v3.1    | 7.8   | HIGH     | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd       | v2.0    | 7.2   | HIGH     | AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck |         | 8.4   | HIGH     |
cisa      |         | 7.8   | HIGH     |