Description
There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134
Scores
CVSS v3
7.5
EPSS
0.0087
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-415
Status
published
Products (1)
mi/miui
12.5.2
Published
Apr 22, 2022
Tracked Since
Feb 18, 2026