CVE-2021-39815 — Use After Free in Google Android

CWE-416 — Use After Free3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 64.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedAug 24

Latest updateAug 25

Description

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232440670

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-92r8-v8q7-fwwr: The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the pa↗2022-08-25

▶

📋Vendor Advisories

Android

CVE-2021-39815: PowerVR-GPU↗2022-08-01

▶