CVE-2021-1048
Vexday Risk Score
51 · Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 1.0% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
15 Dec 2021 · Published on NVD
23 May 2022 · Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Android's event polling system allows an attacker to corrupt memory by accessing freed data, potentially gaining elevated privileges on the device without needing special permissions or user interaction.
Technical detail
CVE-2021-1048 is a use-after-free vulnerability (CWE-416) in ep_loop_check_proc within eventpoll.c that allows local privilege escalation. Exploitation requires no additional execution privileges or user interaction; an unprivileged local process can trigger memory corruption by manipulating eventpoll structures after they have been freed.
Summary generated and translated by AI from the official description.
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-204573007
References: Upstream kernel
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android