CVE-2021-1027

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-704
View all →

Vulnerability Description

In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193033243

Related Vulnerabilities

CVE-2014-9627

HIGH
CVSS:7.8(High)

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows rem...

CWE-7042014

CVE-2016-4709

HIGH
CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.

CWE-7042016

CVE-2016-4710

HIGH
CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

CWE-7042016

CVE-2016-7617

HIGH
CVSS:7.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CWE-7042016

CVE-2016-7655

HIGH
CVSS:7.8(High)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users ...

CWE-7042016

CVE-2016-8602

HIGH
CVSS:7.8(High)

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript...

CWE-7042016