1. Home
  2. Vulnerabilities
  3. CVE-2021-1048

CVE-2021-1048

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.06 % (28th)
0.06% Progress
Affected Products 1
Advisories 4
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
Android (associated with Google Inc. or Open Handset Alliance)
Published Date
2021-12-15 19:15:14
(2 years ago)
Updated Date
2021-12-20 16:56:29
(2 years ago)
Android Kernel Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Android kernel contains a use-after-free vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1048
Vendor
Android
Product
Kernel
In CISA Catalog from
2022-05-23
(2 years ago)
Due Date
2022-06-13
(2 years ago)

Affected Products

Google

Configuration #1

    CPE23 From Up To
  Google Android cpe:2.3:o:google:android:-