CVE-2021-1050: In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.

This issue does not occur on non-Android devices. On Android, it is necessary to start an application with a privileged component (an app with a higher Android security level) in order to trigger the issue. This issue affects the PowerVR hardware and the PowerVR driver. On Android, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.




# Exploitation example


1. Install an application with a higher Android security level (e.g. a privileged application)

2. Start the application via Terminal Emulator or another application with a higher Android security level

3. Profit - EoP

The issue can be exploited by loading malicious code into an application with a higher Android security level. This could be done by opening an email with a malicious attachment or by visiting a malicious website. By loading malicious code into an application with a higher Android security level, the application will have a higher level of permissions than the user. By starting the application with such a high level of

# Affected Devices

The following devices are affected:

* Android One, Nexus 6P, Pixel C and Nexus 5X


# Vulnerability Scoring System

The CVE number is generated in the format XXYYZZ. The first two digits indicate the type of vulnerability and are followed by a letter indicating the project. The next four digits indicate the severity of the vulnerability, with higher numbers representing a higher severity. An example would be CVE-2021-1050 which has a score of 4.1 (E).

# Timeline

Published on: 11/08/2022 22:15:00 UTC
Last modified on: 11/09/2022 17:19:00 UTC
