Cyber Resilience

CVE-2021-1048

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 15 December 2021
Modified: 23 October 2025
KEV Added: 23 May 2022
Patch: 01 November 2021
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0091 (76.3th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-1048 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 23.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability is a use-after-free flaw in the ep_loop_check_proc function of eventpoll.c within the Android kernel, tracked under Android ID A-204573007 and assigned CWE-416. It affects the Android kernel and can result in memory corruption. The issue was reported with an upstream kernel reference and carries a CVSS 3.1 base score of 7.8.

A local attacker with existing user privileges on an affected Android device can trigger the flaw without requiring additional execution rights or user interaction, enabling escalation to higher privileges through memory corruption.

The primary advisory reference is the Android security bulletin dated 2021-11-01, which addresses the issue for supported Android kernel versions. The vulnerability is also catalogued by CISA among known exploited vulnerabilities, indicating confirmed real-world exploitation activity.

Vulnerability details

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-204573007
References: Upstream kernel

CWE(s)
KEV Date Added: 23 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google · android · all versions

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements memory protection mechanisms that block use-after-free corruption in kernel functions such as ep_loop_check_proc.

prevent

Enforces process isolation boundaries that limit the blast radius of kernel memory corruption to the affected process and prevent escalation.

prevent

Restricts privileges assigned to user processes, reducing the ability of a local attacker to leverage the UAF flaw for root-level access.

References