CVE-2021-0870

Name of the Vulnerable Software and Affected Versions Android versions 8.1 through 11

Description The issue is related to a possible memory corruption due to a race condition in the RW SetActivatedTagType function of rw main.cc. This could lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The problem affects various components, including the operating system, runtime environment, Media Framework, Framework, and System, allowing for privilege escalation, information disclosure, and denial of service.

Recommendations For Android versions 8.1 through 11, update to the latest version that includes the security patches released on October 1 and 5, 2021, to resolve the issue. As a temporary workaround, consider restricting access to vulnerable components until a patch is available.