CVE-2021-38783

Name of the Vulnerable Software and Affected Versions Allwinner R818 SoC Android Q SDK V1.0

Description The issue is related to an Out-of-Bound Write in the camera driver "/dev/cedar dev" through iotcl cmd IOCTL SET PROC INFO and IOCTL COPY PROC INFO, which could cause a system crash or Elevation of Privilege (EoP).

Recommendations For Allwinner R818 SoC Android Q SDK V1.0, consider disabling access to the "/dev/cedar dev" camera driver until a patch is available. As a temporary workaround, restrict the use of iotcl cmd IOCTL SET PROC INFO and IOCTL COPY PROC INFO to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.