PT-2022-9135 · Google · Android

Published: 2022-08-24 · Updated: 2023-08-08 · CVE-2021-0947

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version

Description: The issue arises in the method PVRSRVBridgeTLDiscoverStreams, which allocates a buffer on the heap and fills it via TLServerDiscoverStreamsKM. If TLServerDiscoverStreamsKM fails, for example because of invalid sizes, the buffer remains uninitialized but is still copied to userspace, leaking uninitialized kernel heap data. This can occur without requiring any privileges.

Recommendations: For Android versions prior to the fixed version, consider restricting access to the TLServerDiscoverStreamsKM method until a patch is available. As a temporary workaround, disabling the PVRSRVBridgeTLDiscoverStreams method may help minimize the risk of exploitation.
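
The bug class in the Description, modelled in userspace C as an added example; it is not the driver's code and not the actual patch, which this page does not show. All function names, the `STALE` marker and the size rule are hypothetical, and the hardened variant shows one common remedy (zeroed allocation, copy-out only on success).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* constructed stand-in for leftover heap contents */

/* Hypothetical fill routine: rejects an invalid size before writing anything. */
static int fill_streams(unsigned char *buf, size_t size) {
    if (size == 0 || size % 4 != 0) return -1; /* constructed validity rule */
    memset(buf, 0x11, size);                   /* success: buffer fully written */
    return 0;
}

/* Vulnerable shape: the copy-out runs whether or not the fill succeeded. */
int bridge_vulnerable(unsigned char *user_out, size_t size) {
    unsigned char *buf = malloc(size);
    if (!buf) return -1;
    memset(buf, STALE, size);     /* simulate stale heap data deterministically */
    int err = fill_streams(buf, size);
    memcpy(user_out, buf, size);  /* models the copy to userspace */
    free(buf);
    return err;
}

/* Hardened shape: zeroed allocation, and nothing is copied on failure. */
int bridge_hardened(unsigned char *user_out, size_t size) {
    unsigned char *buf = calloc(1, size);
    if (!buf) return -1;
    int err = fill_streams(buf, size);
    if (err == 0) memcpy(user_out, buf, size);
    free(buf);
    return err;
}

/* Number of bytes in the caller's buffer that came from stale heap memory. */
size_t count_stale(const unsigned char *out, size_t size) {
    size_t n = 0;
    for (size_t i = 0; i < size; i++) if (out[i] == STALE) n++;
    return n;
}

int main(void) {
    unsigned char out[6] = {0};   /* 6 is an invalid size under the rule above */
    bridge_vulnerable(out, sizeof out);
    printf("vulnerable: %zu stale bytes reach the caller\n", count_stale(out, sizeof out));
    memset(out, 0, sizeof out);
    bridge_hardened(out, sizeof out);
    printf("hardened:   %zu stale bytes reach the caller\n", count_stale(out, sizeof out));
    return 0;
}
```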

Related Identifiers: CVE-2021-0947

Affected Products: Android