Lucene search

[email protected]CVE-2021-38785

HistoryJan 18, 2022 - 2:15 p.m.

CVE-2021-38785

2022-01-1814:15:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2021-38785

allwinner r818

android q

sdk v1.0

camera driver

null pointer deference

ioctl cmd

ioctl_get_iommu_addr

system crash

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

74.2%

JSON

There is a NULL pointer deference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash.

CPENameOperatorVersion
allwinnertech:android_q_sdkallwinnertech android q sdkeq1.0

CPE	Name	Operator	Version
allwinnertech:android_q_sdk	allwinnertech android q sdk	eq	1.0

References

github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9ACamera%20Driver%20has%20Null%20Pointer%20Dereference%20Vulnerability.md

vul.wangan.com/a/CNVD-2021-49170

www.allwinnertech.com/index.php?c=product&a=index&id=92

www.cnvd.org.cn/flaw/show/CNVD-2021-49170

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2021-38785

cvelist1 cnvd1 prion1