CVE-2021-30282 โ€” Improper Validation of Array Index in Google Android

CWE-129 โ€” Improper Validation of Array Index3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 90.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedJan 3
Latest updateJan 4

Description

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

โ–ถgooglegoogle/android

๐Ÿ”ดVulnerability Details

1
GHSA
GHSA-3jjh-29mr-6r5q: Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute,โ†—2022-01-04
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Android
CVE-2021-30282: Closed-source componentโ†—2021-12-01
โ–ถ
CVE-2021-30282 โ€” Improper Validation of Array Index | cvebase