CVE-2021-0308Out-of-bounds Write in Google Android

CWE-787Out-of-bounds Write8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 76.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Platform External GptfdiskDebian GdiskGoogle Android+1 more
Timeline
PublishedJan 11
Latest updateMay 24

Description

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages5 packages

CVEListV5google/android5 versions+4
NVDgoogle/android5 versions+4
debiandebian/gdisk< gdisk 1.0.6-1 (bookworm)
Androidplatform/external_gptfdisk8.0:08.0:2021-01-01+4

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-gxqw-x97w-h62r: In ReadLogicalParts of basicmbr2022-05-24
OSV
CVE-2021-0308: In ReadLogicalParts of basicmbr2021-01-11
OSV
CVE-2021-0308: In ReadLogicalParts of basicmbr2021-01-01

📋Vendor Advisories

4
Red Hat
gdisk: possible out-of-bounds-write in ReadLogicalParts of basicmbr.cc2022-02-04
Ubuntu
GPT fdisk vulnerabilities2022-02-03
Android
CVE-2021-0308: Android Security Bulletin 2021-01-01 CVE: CVE-2021-0308 Severity: HIGH Type: EoP Affected AOSP versions: 82021-01-01
Debian
CVE-2021-0308: gdisk - In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due ...2021
CVE-2021-0308 — Out-of-bounds Write in Google Android | cvebase