CVE-2021-39714
Summary
| CVE | CVE-2021-39714 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-16 15:15:00 UTC |
| Updated | 2022-09-28 19:54:00 UTC |
| Description | In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel |
Risk And Classification
Problem Types: CWE-190 | CWE-416
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pixel Update Bulletin—March 2022 | Android Open Source Project | MISC | source.android.com | |
| Pixel Update Bulletin—August 2022 | Android Open Source Project | MISC | source.android.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179118 Debian Security Update for linux (DLA 2940-1)
- 180519 Debian Security Update for linux (CVE-2021-39714)
- 610400 Google Pixel Android March 2022 Security Patch Missing
- 610408 Google Android April 2022 Security Patch Missing for Huawei EMUI
- 610432 Google Pixel Android August 2022 Security Patch Missing