CVE-2021-0456

Name of the Vulnerable Software and Affected Versions: Android kernel

Description: The issue is related to a possible out of bounds write due to a missing bounds check in the Citadel chip firmware. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. The vulnerability is also described as a buffer overflow in the Titan M security module of the Android operating system, which can allow an attacker to elevate their privileges.

Recommendations: For Android kernel, consider applying a patch or fix that addresses the missing bounds check in the Citadel chip firmware to prevent out of bounds write and potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.