CVE-2021-0945

2023-06-1500:00:00

google_android

www.cve.org

cve-2021-0945

pmrcreate

missing bounds check

heap memory

physmemnewrambackedpmr

local escalation of privilege

no user interaction

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

47.1%

JSON

In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android SoC",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2023-06-01