CVE-2021-39806Double Free in Google Android

CWE-415Double Free3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform External SelinuxGoogle Android
Timeline
PublishedJun 15
Latest updateJun 16

Description

In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-12L
NVDgoogle/android12.1
Androidplatform/external_selinux12L-next:012L-next:2022-06-01+1

🔴Vulnerability Details

2
GHSA
GHSA-j22w-f6g9-q452: In closef of label_backends_android2022-06-16
OSV
CVE-2021-39806: In closef of label_backends_android2022-06-01