PT-2020-5519 · Google+4 · Android Kernel+4

Published

2020-06-01

·

Updated

2021-05-18

·

CVE-2021-0342

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Android kernel
Description The issue is related to a component of the Android operating system, specifically a problem with memory usage after it has been freed. This could potentially allow an attacker to escalate their privileges. The exploitation of this issue may lead to local escalation of privilege, requiring System execution privileges. User interaction is not necessary for the exploitation to occur.
Recommendations For Android kernel, consider applying a patch to fix the memory corruption issue in the tun get user function of tun.c as a permanent solution. As a temporary workaround, restrict access to the tun.c module to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:1578
BDU:2021-01031
CESA-2021_1578
CESA-2021_1739
CVE-2021-0342
OESA-2021-1086
OPENSUSE-SU-2021:0241-1
OPENSUSE-SU-2021_0241-1
RHSA-2021:1578
RHSA-2021:1739
RHSA-2021_1578
RHSA-2021_1739
SUSE-SU-2021:0347-1
SUSE-SU-2021:0348-1
SUSE-SU-2021:0353-1
SUSE-SU-2021:0354-1
SUSE-SU-2021:0427-1
SUSE-SU-2021:0433-1
SUSE-SU-2021:0532-1
SUSE-SU-2021:0809-1
SUSE-SU-2021:0818-1
SUSE-SU-2021:0849-1
SUSE-SU-2021:0853-1
SUSE-SU-2021:0859-1

Affected Products

Almalinux
Android Kernel
Centos
Red Hat
Suse