CVE Vulnerabilities

CVE-2021-25477

Double Free

Published: Oct 06, 2021 | Modified: Oct 13, 2021
CVSS 3.x
4.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Android Google 9.0 9.0
Android Google 10.0 10.0
Android Google 11.0 11.0

Potential Mitigations

References