
CVE-2021-39675

Published: 11/02/2022 Updated: 17/02/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-12
Android ID: A-205729183

Vulnerable Product

google android 12.0

Recent Articles

Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch
The Register • Liam Proven in Prague • 01 Jan 1970

This is the final software update from Google for the Pixel 3, 3 XL, too

The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12. That bug, CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and "with no additional execution privileges needed," as Google cryptically put it. The web giant hasn't revealed much more info about the vulnerability, though it ref...