cbcvebase.
CVE-2021-0316
published 2021-01-11

CVE-2021-0316: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.06%
85.9th percentile
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990.

Affected

16 ranges
VendorProductVersion rangeFixed in
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
platformsystem_bt>= 10:0 < 10:2021-01-0110:2021-01-01
platformsystem_bt>= 11:0 < 11:2021-01-0111:2021-01-01
platformsystem_bt>= 8.0:0 < 8.0:2021-01-018.0:2021-01-01
platformsystem_bt>= 8.1:0 < 8.1:2021-01-018.1:2021-01-01
platformsystem_bt>= 9:0 < 9:2021-01-019:2021-01-01

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability resides in avrc_pars_vendor_cmd() function within avrc_pars_tg.cc — monitor Bluetooth AVRCP vendor command parsing for out-of-bounds write attempts
  • Attack vector is Bluetooth with no privileges required and no user interaction — flag anomalous or malformed AVRCP vendor commands from unpaired/untrusted Bluetooth peers
  • Affected Android versions are 8.0, 8.1, 9, 10, and 11 — prioritise detection/patching on unpatched devices running these versions
  • Android internal bug tracker reference A-168802990 can be used to cross-reference patch status in AOSP commits and vendor advisories
  • ·CVE-2021-0316 is rated CRITICAL RCE in the System component (Bluetooth/AVRCP stack); exploitation requires only Bluetooth proximity — no pairing, no privileges, no user interaction, making it a zero-click remote attack surface

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.