CVE-2021-1048

CVSS 7.8 HIGH · EPSS 1.0% · KEV · CWE-416
Vexday Risk Score: 51 (Attention)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 1.0% · KEV yes · PoC · Nuclei · Metasploit · Patch
Lifecycle
15 Dec 2021 · Published on NVD
23 May 2022 · Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Android's event polling system allows an attacker to corrupt memory by accessing freed data, potentially gaining elevated privileges on the device without needing special permissions or user interaction.

Technical detail

CVE-2021-1048 is a use-after-free vulnerability (CWE-416) in ep_loop_check_proc within eventpoll.c that allows local privilege escalation. Exploitation requires no additional execution privileges or user interaction; an unprivileged local process can trigger memory corruption by manipulating eventpoll structures after they have been freed.

Summary generated and translated by AI from the official description.
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-204573007
References: Upstream kernel
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android
