Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-0318. PoCs published by nanopathi.
AI-analyzed exploit summary This repository contains functional exploit code for CVE-2021-0318, targeting Android's frameworks/native components. The code includes modified versions of system commands (e.g., atrace, bugreportz, dumpstate) that demonstrate the vulnerability, likely involving privilege escalation or arbitrary code execution in the context of system services.
Description
In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.
Exploits (1)
This repository contains functional exploit code for CVE-2021-0318, targeting Android's frameworks/native components. The code includes modified versions of system commands (e.g., atrace, bugreportz, dumpstate) that demonstrate the vulnerability, likely involving privilege escalation or arbitrary code execution in the context of system services.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H