VDB
CVE-2021-28664
CVE-2021-28664
PUBLISHED
KEV
In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302616
EPSS 0.33% · 56.2th percentile
Risk Scores
EPSS Score
0.33%
56.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Android | Android-11 |
Exploit Intelligence
- https://source.android.com/security/bulletin/2021-05-01 (circl)
- Writes to read-only memory in Mali GPU (ARM Android) (gpz)
- Writes to read-only memory in Mali GPU (ARM Android) (gpz)
- Writes to read-only memory in Mali GPU (ARM Android) (gpz)
- Writes to read-only memory in Mali GPU (ARM Android) (gpz)
- Writes to read-only memory in Mali GPU (ARM Android) (gpz)
- Writes to read-only memory in Mali GPU (ARM Android) (gpz)
- kev.json (github-poc)
- kev.json (github-poc)
- kev.json (github-poc)
…and 7 more exploits
Timeline
- May 3, 2021 PoC Published
- May 4, 2021 CVE Published
- May 11, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Jun 24, 2021 EPSS Score
- Sep 14, 2021 EPSS Score
- Nov 3, 2021 CISA KEV Added
- Nov 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 15, 2022 EPSS Score
- Mar 18, 2022 EPSS Score
- Apr 1, 2022 EPSS Score