PT-2021-1507 · Google+7 · Android+7

Published

2021-02-01

Updated

2024-06-15

CVE-2021-0326

CVSS v2.0

7.9

High

Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11

Description: The issue is related to a possible out of bounds write in the p2p copy client info function of the p2p.c file due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations: For Android versions Android-8.1 through Android-11, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ASB-A-172937525

CESA-2021_1686

CVE-2021-0326

DLA-2572-1

DSA-4898-1

MGASA-2021-0075

OESA-2021-1364

OPENSUSE-SU-2021:0284-1

OPENSUSE-SU-2021_0284-1

OPENSUSE-SU-2024:11515-1

RHSA-2021:1686

RHSA-2021_1686

RLSA-2021:1686

SUSE-SU-2021:0443-1

SUSE-SU-2021:0477-1

SUSE-SU-2021:0478-1

SUSE-SU-2021_0443-1

SUSE-SU-2021_0477-1

USN-4734-1

USN-4734-2

Affected Products

Android

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2021-1507 · Google+7 · Android+7

CVE-2021-0326

Weakness Enumeration

Related Identifiers

Affected Products

References · 71