CVE-2021-1918 — Resource Exposure in Google Android

CWE-668 — Resource Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 86.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedJan 3

Latest updateFeb 21

Description

Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-w67x-387h-w6cm: Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, S↗2022-01-04

▶

💥Exploits & PoCs

Exploit-DB

Thinfinity VirtualUI 2.5.26.2 - Information Disclosure↗2022-02-21

▶

📋Vendor Advisories

Android

CVE-2021-1918: Closed-source component↗2021-12-01

▶