CVE-2021-0508

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-0508
In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://source.android.com/security/bulletin/2021-06-01 Patch Vendor Advisory
https://source.android.com/security/bulletin/2021-06-01 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
History

21 Nov 2024, 05:42

Type Values Removed Values Added
References () https://source.android.com/security/bulletin/2021-06-01 - Patch, Vendor Advisory () https://source.android.com/security/bulletin/2021-06-01 - Patch, Vendor Advisory

22 Jun 2021, 18:29

Type Values Removed Values Added
References (MISC) https://source.android.com/security/bulletin/2021-06-01 - (MISC) https://source.android.com/security/bulletin/2021-06-01 - Patch, Vendor Advisory
CPE cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 6.9
v3 : 7.0
CWE CWE-416
CWE-362

21 Jun 2021, 17:35

Type Values Removed Values Added
New CVE
Information

Published : 2021-06-21 17:15

Updated : 2024-11-21 05:42

NVD link : CVE-2021-0508

Mitre link : CVE-2021-0508

CVE.ORG link : CVE-2021-0508

JSON object : View

Products Affected

google

  • android
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free