PT-2020-1249 · Google+7 · Android+7

Published

2020-06-06

Updated

2024-06-15

CVE-2021-0308

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions Android-8.0 through Android-11

Description The issue is related to a possible out of bounds write in the ReadLogicalParts function of basicmbr.cc due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Android versions Android-8.0 through Android-11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2022:7700

ALT-PU-2021-3174

ALT-PU-2022-2831

ASB-A-158063095

BDU:2023-01696

CESA-2022_7700

CVE-2021-0308

DLA-2549-1

MGASA-2021-0073

OPENSUSE-SU-2024:10816-1

RHSA-2022:7700

RHSA-2022_7700

RHSA-2024:3486

RLSA-2022:7700

USN-5262-1

Affected Products

Alt Linux

Almalinux

Android

Astra Linux

Centos

Red Hat

Rocky Linux

Ubuntu

PT-2020-1249 · Google+7 · Android+7

CVE-2021-0308

Weakness Enumeration

Related Identifiers

Affected Products

References · 46