CVE-2021-0703

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-416
View all →

Vulnerability Description

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

Related Vulnerabilities

CVE-2019-19527

MEDIUM
CVSS:6.8(Medium)

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

CWE-4162019

CVE-2019-19531

MEDIUM
CVSS:6.8(Medium)

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.

CWE-4162019

CVE-2020-5376

MEDIUM
CVSS:6.8(Medium)

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the...

CWE-4162020

CVE-2020-5378

MEDIUM
CVSS:6.8(Medium)

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the...

CWE-4162020

CVE-2021-21775

MEDIUM
CVSS:6.8(Medium)

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak ...

CWE-4162021

CVE-2021-21779

MEDIUM
CVSS:6.8(Medium)

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further ...

CWE-4162021