KEVIntel
Back to KEVs
7.8
CVSS
High

CVE-2021-1048

PUBLISHED

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of...

Exploited in the wild Low complexity No user interaction
Vendor
Google
Product
Android
Published
Dec 15, 2021
EPSS

Description

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

android cisa

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2022-05-23 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA May 23, 2022

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel