Vulnerability CVE-2021-38787
Published: 2022-01-19

Description:
There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service).

Type:

CWE-190

 (Integer Overflow or Wraparound)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
https://www.cnvd.org.cn/flaw/show/CNVD-2021-49171
https://www.allwinnertech.com/index.php?c=product&a=index&id=92
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9AION%20Driver%20Integer%20Overflow.md
https://vul.wangan.com/a/CNVD-2021-49171
Copyright 2024, cxsecurity.com

 

Back to Top