PT-2021-13050 · Google · Android
Published
2021-03-10
·
Updated
2021-03-15
·
CVE-2021-0371
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Android versions Android-11
Description:
In the
nci proc rf management ntf function of nci hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Recommendations:
For Android version Android-11, consider applying a patch or fix that addresses the missing bounds check in the
nci proc rf management ntf function to prevent potential local escalation of privilege. As a temporary workaround, consider restricting System execution privileges to minimize the risk of exploitation.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android