Google Android 20200335 sss_ice_util.c copy_from_mbox 内存损坏

字段2022-01-15 07時47分2022-01-19 11時35分
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
identifierA-202003354A-202003354
urlhttps://source.android.com/security/bulletin/pixel/2022-01-01https://source.android.com/security/bulletin/pixel/2022-01-01
namePatchPatch
cveCVE-2021-39683CVE-2021-39683
cve_assigned1629669600 (2021-08-23)1629669600 (2021-08-23)
vendorGoogleGoogle
nameAndroidAndroid
version2020033520200335
filesss_ice_util.csss_ice_util.c
functioncopy_from_mboxcopy_from_mbox
cwe787 (内存损坏)787 (内存损坏)
risk22
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prHH
date1642201200 (2022-01-15)1642201200 (2022-01-15)
typeSmartphone Operating SystemSmartphone Operating System
cvss2_vuldb_avLL
cvss2_vuldb_acLL
cvss2_vuldb_auMM
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss2_vuldb_basescore4.04.0
cvss2_vuldb_tempscore3.53.5
cvss3_vuldb_basescore4.24.2
cvss3_vuldb_tempscore4.04.0
cvss3_meta_basescore4.24.2
cvss3_meta_tempscore4.04.0
price_0day$5k-$25k$5k-$25k
price_trend++
cve_nvd_summaryIn copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A

Do you need the next level of professionalism?

Upgrade your account now!