Lucene search

Google_androidCVELIST:CVE-2021-0311

HistoryJan 11, 2021 - 9:48 p.m.

CVE-2021-0311

2021-01-1121:48:15

google_android

www.cve.org

elementarystreamqueue

bounds check

remote information disclosure

android-9

android-10

android-11

android-8.0

android-8.1

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170240631.

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-9"
      },
      {
        "status": "affected",
        "version": "Android-10"
      },
      {
        "status": "affected",
        "version": "Android-11"
      },
      {
        "status": "affected",
        "version": "Android-8.0"
      },
      {
        "status": "affected",
        "version": "Android-8.1"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2021-01-01