CVE-2021-39806

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39806

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39806.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39806

Aliases

A-215387420
PUB-A-215387420

Withdrawn

2026-05-04T08:35:18.026630Z

Published

2022-06-15T14:15:11.060Z

Modified

2026-05-04T08:35:18.026630Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In closef of labelbackendsandroid.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420

References

https://source.android.com/security/bulletin/pixel/2022-06-01

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39806.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.1"
            }
        ]
    }
]