CVE-2021-0936

Опубликовано: 05 янв. 2021

Источник: redhat

CVSS3: 7.8

Описание

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel

A use after free flaw in the Linux kernel's Gadget Function Driver for Android USB accessories functionality was found. A local user could use this flaw to crash the system or escalate their privileges on the system.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2018229kernel: possible memory corruption due to a use-after-free in acc_read() in f_accessory.c

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-0936

CVSS3: 7.8

ubuntu

больше 4 лет назад

CVE-2021-0936

CVSS3: 7.8

nvd

больше 4 лет назад

CVE-2021-0936

CVSS3: 7.8

debian

больше 4 лет назад

In acc_read of f_accessory.c, there is a possible memory corruption du ...

GHSA-57h4-778p-3mp3

github

больше 3 лет назад

7.8 High

CVSS3