CVE-2021-0316
published 2021-01-11CVE-2021-0316: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.06%
85.9th percentile
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | system_bt | >= 10:0 < 10:2021-01-01 | 10:2021-01-01 |
| platform | system_bt | >= 11:0 < 11:2021-01-01 | 11:2021-01-01 |
| platform | system_bt | >= 8.0:0 < 8.0:2021-01-01 | 8.0:2021-01-01 |
| platform | system_bt | >= 8.1:0 < 8.1:2021-01-01 | 8.1:2021-01-01 |
| platform | system_bt | >= 9:0 < 9:2021-01-01 | 9:2021-01-01 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in avrc_pars_vendor_cmd() function within avrc_pars_tg.cc — monitor Bluetooth AVRCP vendor command parsing for out-of-bounds write attempts ↗
- →Attack vector is Bluetooth with no privileges required and no user interaction — flag anomalous or malformed AVRCP vendor commands from unpaired/untrusted Bluetooth peers ↗
- →Affected Android versions are 8.0, 8.1, 9, 10, and 11 — prioritise detection/patching on unpatched devices running these versions ↗
- →Android internal bug tracker reference A-168802990 can be used to cross-reference patch status in AOSP commits and vendor advisories ↗
- ·CVE-2021-0316 is rated CRITICAL RCE in the System component (Bluetooth/AVRCP stack); exploitation requires only Bluetooth proximity — no pairing, no privileges, no user interaction, making it a zero-click remote attack surface ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wg6f-7wh7-87pc: In avrc_pars_vendor_cmd of avrc_pars_tg
ghsa_unreviewed·2022-05-24
CVE-2021-0316 [CRITICAL] CWE-787 GHSA-wg6f-7wh7-87pc: In avrc_pars_vendor_cmd of avrc_pars_tg
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990.
OSV
CVE-2021-0316: In avrc_pars_vendor_cmd of avrc_pars_tg
osv·2021-01-01
CVE-2021-0316 CVE-2021-0316: In avrc_pars_vendor_cmd of avrc_pars_tg
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2021-0316: Android Security Bulletin 2021-01-01
CVE: CVE-2021-0316
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 8
vendor_android·2021-01-01·CVSS 9.8
CVE-2021-0316 [CRITICAL] CVE-2021-0316: Android Security Bulletin 2021-01-01
CVE: CVE-2021-0316
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 8
Android Security Bulletin 2021-01-01
CVE: CVE-2021-0316
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 8.0, 8.1, 9, 10, 11
References: A-168802990
No detection rules found.
No public exploits indexed.
2021-01-11
Published