PT-2022-9132 · Google · Android
Published: 2022-09-13 · Updated: 2022-09-16
CVE-2021-0942
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Android versions prior to the fixed version
Description
The issue allows an untrusted app to control the `ui32PageIndex` offset via an ioctl, potentially leading to an out-of-bounds (OOB) read or write. This occurs in the expression `sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex])`. Although the current proof of concept (PoC) results in a crash due to an OOB read, it is plausible that an attacker could exploit this to achieve an OOB write by manipulating the OOB read to retrieve an interesting kernel address. This is considered a high severity issue in the kernel.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
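An index that arrives from an ioctl has to be validated against the array length before it is used. As an added example (not the vendor's driver code or patch), this user-space C model shows that check, generalized to a range of pages so the overflow-safe comparison is visible; the struct layout, the `num_pages` field, `get_phys_checked` and `model_page_to_phys` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model. The struct layout and the num_pages field
 * are assumptions for illustration, not the real driver definitions. */
typedef struct {
    uint32_t   num_pages;  /* hypothetical: count of valid entries */
    uintptr_t *pagearray;  /* stands in for the driver's page pointer array */
} OSPageArrayData;

/* Stand-in for page_to_phys(): the model treats a page handle as its address. */
static uint64_t model_page_to_phys(uintptr_t page) { return (uint64_t)page; }

/* Translate `count` pages starting at a caller-supplied index.
 * Returns 0 on success, -1 if any part of the range is outside the array. */
int get_phys_checked(const OSPageArrayData *d, uint32_t ui32PageIndex,
                     uint32_t count, uint64_t *phys)
{
    if (d == NULL || d->pagearray == NULL || phys == NULL || count == 0)
        return -1;
    /* Reject the index first, then compare count against the remaining
     * entries. Computing ui32PageIndex + count could wrap in 32 bits. */
    if (ui32PageIndex >= d->num_pages ||
        count > d->num_pages - ui32PageIndex)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        phys[i] = model_page_to_phys(d->pagearray[ui32PageIndex + i]);
    return 0;
}

int main(void)
{
    /* Constructed sample data: four fake page handles. */
    uintptr_t pages[4] = { 0x1000, 0x2000, 0x3000, 0x4000 };
    OSPageArrayData d = { 4, pages };
    uint64_t out[4] = { 0 };
    uint32_t idx[] = { 3, 4, 0xFFFFFFFFu };

    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++)
        printf("index %u -> %d\n", (unsigned)idx[i],
               get_phys_checked(&d, idx[i], 1, out));
    return 0;
}
```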
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Android