CVE-2021-0589 — Out-of-bounds Write in Google Android

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 92.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System BT Google Android

Timeline

PublishedJul 14

Latest updateMar 14

Description

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-11 Android-8.1 Android-9 Android-10

▶NVDgoogle/android4 versions+3

▶Androidplatform/system_bt8.1:0 — 8.1:2021-07-01+3

🔴Vulnerability Details

GHSA

GHSA-93qx-8mr3-64c8: In BTM_TryAllocateSCN of btm_scn↗2022-05-24

▶

CVEList

CVE-2021-0589: In BTM_TryAllocateSCN of btm_scn↗2021-07-14

▶

OSV

CVE-2021-0589: In BTM_TryAllocateSCN of btm_scn↗2021-07-01

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC↗2024-03-14

▶

Android

CVE-2021-0589: Android Security Bulletin 2021-07-01 CVE: CVE-2021-0589 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2021-07-01

▶