Google Pixel Out-of-Bounds Write Vulnerability (CVE-2021-39793)

A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-02 under CISA BOD 22-01.

This is a Out-of-bounds Write (CWE-787) vulnerability in Google Pixel. In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.

Probably yes if any of these apply:

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-04-11 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-05-02.