CVE-2021-1048
| CVE Published | 2021-12-15 |
|---|---|
| Related CWE(s) | CWE-416: Use After Free |
| Related Vendor(s) | |
| Related Product(s) | android |
| Exploitation Reported (CISA KEV) | 2022-05-23 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph