CVE-2021-38788

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of applications allowed to run in the background to 0 and add themselves to the whitelist, so that once other applications enter the background, they will be forcibly stopped by the system, causing a denial of service.

El servicio Background del SDK de Android Q del SoC Allwinner R818 es usada para administrar las aplicaciones en segundo plano. Las aplicaciones maliciosas pueden usar la interfaz proporcionada por el servicio para establecer el número de aplicaciones permitidas para ejecutarse en segundo plano a 0 y añadirse a la lista blanca, de modo que una vez que otras aplicaciones entren en segundo plano, serán detenidas a la fuerza por el sistema, causando una denegación de servicio

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-08-16 CVE Reserved
2022-01-19 CVE Published
2024-08-04 CVE Updated
2024-10-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/Allwinner%20R818%20SoC%EF%BC%9Abackground%20service%20has%20EoP%20Vulnerability.md	Broken Link
https://vul.wangan.com/a/CNVD-2021-46928	Third Party Advisory
https://www.cnvd.org.cn/flaw/show/CNVD-2021-46928	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.allwinnertech.com/index.php?c=product&a=index&id=92	2022-07-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Allwinnertech Search vendor "Allwinnertech"	Android Q Sdk Search vendor "Allwinnertech" for product "Android Q Sdk"	1.0 Search vendor "Allwinnertech" for product "Android Q Sdk" and version "1.0"	-	Affected	in	Allwinnertech Search vendor "Allwinnertech"	R818 Search vendor "Allwinnertech" for product "R818"	*	-	Safe