ID CVE-2021-0326
Summary In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 7.9 (as of 23-04-2021 - 00:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:A/AC:M/Au:N/C:C/I:C/A:C
Last major update 23-04-2021 - 00:15
Published 10-02-2021 - 17:15
Last modified 23-04-2021 - 00:15
Back to Top