CVE-2021-35068 — NULL Pointer Dereference in Google Android

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 54.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedFeb 11

Latest updateFeb 12

Description

Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶googlegoogle/android

Patches

Patch: www.qualcomm.com ↗Patch: www.qualcomm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5x7h-3m5j-hrpm: Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto↗2022-02-12

▶

📋Vendor Advisories

Android

CVE-2021-35068: Bluetooth↗2022-02-01

▶