CVE-2021-0396

CRITICAL

Android <11 - RCE

Title source: llm

Description

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106

Exploits (1)

nomisec STUB

by Satheesh575555 · poc

https://github.com/Satheesh575555/external_v8_AOSP10_r33_CVE-2021-0396

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://source.android.com/security/bulletin/2021-03-01

Scores

CVSS v3 9.8

EPSS 0.0624

EPSS Percentile 90.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (4)

google/android 8.1

google/android 9.0

google/android 10.0

google/android 11.0

Published Mar 10, 2021

Tracked Since Feb 18, 2026