CVE-2021-0703

MEDIUM

Android 11 - Use-After-Free in SecondStageMain

Title source: llm
STIX 2.1

Description

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2021-10-01

Scores

CVSS v3 6.8
EPSS 0.0012
EPSS Percentile 2.5%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
google/android 11.0
Published Oct 22, 2021
Tracked Since Feb 18, 2026