CVE-2021-38784

There is a NULL pointer dereference in the syscall open_exec function of Allwinner R818 SoC Android Q SDK V1.0 that could executable a malicious file to cause a system crash.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Android_q_sdk	Allwinnertech	1.0 (including)	1.0 (including)

Potential Mitigations

References

https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9ASyscall%20open_exec%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
https://vul.wangan.com/a/CNVD-2021-49172
https://www.allwinnertech.com/index.php?c=product\u0026a=index\u0026id=92
https://www.cnvd.org.cn/flaw/show/CNVD-2021-49172
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9ASyscall%20open_exec%20has%20Null%20Pointer%20Dereference%20Vulnerability.md
https://vul.wangan.com/a/CNVD-2021-49172
https://www.allwinnertech.com/index.php?c=product\u0026a=index\u0026id=92
https://www.cnvd.org.cn/flaw/show/CNVD-2021-49172

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-38784
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References