PT-2021-13192 · Google · Android
Published
2021-06-22
·
Updated
2021-06-24
·
CVE-2021-0545
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Android version Android-11
Description:
In the
phNxpNciHal print res status function of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Recommendations:
For Android version Android-11, consider restricting access to the NFC server to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the
phNxpNciHal print res status function in phNxpNciHal.cc may help mitigate the issue.Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android