CVE-2021-0701

2023-06-1500:00:00

google_android

www.cve.org

powervr

kernel driver

integer overflow

vulnerability

local privilege escalation

heap access

out-of-bounds

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

47.1%

JSON

In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android SoC",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2023-06-01