ID

VAR-202210-0350


CVE

CVE-2021-0696


TITLE

Google  of  Android  Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018908

DESCRIPTION

In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778. Google of Android contains a race condition vulnerability and a use of already freed memory vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smart phone of Google (Google). There is a security vulnerability in Google Pixel

Trust: 2.16

sources: NVD: CVE-2021-0696 // JVNDB: JVNDB-2022-018908 // CNVD: CNVD-2022-91580

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-91580

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.8

vendor:googlemodel:androidscope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2022-91580 // JVNDB: JVNDB-2022-018908 // NVD: CVE-2021-0696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0696
value: HIGH

Trust: 1.0

NVD: CVE-2021-0696
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-91580
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202210-107
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-91580
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-0696
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-0696
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-91580 // JVNDB: JVNDB-2022-018908 // CNNVD: CNNVD-202210-107 // NVD: CVE-2021-0696

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.0

problemtype:CWE-416

Trust: 1.0

problemtype:Race condition (CWE-362) [NVD evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018908 // NVD: CVE-2021-0696

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-107

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202210-107

EXTERNAL IDS

db:NVDid:CVE-2021-0696

Trust: 3.8

db:JVNDBid:JVNDB-2022-018908

Trust: 0.8

db:CNVDid:CNVD-2022-91580

Trust: 0.6

db:CNNVDid:CNNVD-202210-107

Trust: 0.6

sources: CNVD: CNVD-2022-91580 // JVNDB: JVNDB-2022-018908 // CNNVD: CNNVD-202210-107 // NVD: CVE-2021-0696

REFERENCES

url:https://source.android.com/security/bulletin/2022-10-01

Trust: 2.4

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2022-39447

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0696

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-0696/

Trust: 0.6

sources: CNVD: CNVD-2022-91580 // JVNDB: JVNDB-2022-018908 // CNNVD: CNNVD-202210-107 // NVD: CVE-2021-0696

SOURCES

db:CNVDid:CNVD-2022-91580
db:JVNDBid:JVNDB-2022-018908
db:CNNVDid:CNNVD-202210-107
db:NVDid:CVE-2021-0696

LAST UPDATE DATE

2024-08-14T14:10:32.299000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-91580date:2022-12-30T00:00:00
db:JVNDBid:JVNDB-2022-018908date:2023-10-23T08:15:00
db:CNNVDid:CNNVD-202210-107date:2022-10-14T00:00:00
db:NVDid:CVE-2021-0696date:2022-10-13T02:40:42.673

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-91580date:2022-12-30T00:00:00
db:JVNDBid:JVNDB-2022-018908date:2023-10-23T00:00:00
db:CNNVDid:CNNVD-202210-107date:2022-10-03T00:00:00
db:NVDid:CVE-2021-0696date:2022-10-11T20:15:10.637