CVE-2021-0396

CRITICAL

Android <11 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-0396. PoCs published by Satheesh575555.

AI-analyzed exploit summary The repository contains V8 engine source files and build configurations but lacks any exploit code or technical analysis related to CVE-2021-0396. No PoC or vulnerability details are present.

Description

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106

Exploits (1)

nomisec STUB

by Satheesh575555 · poc

https://github.com/Satheesh575555/external_v8_AOSP10_r33_CVE-2021-0396

View Code ZIP pw:eip

The repository contains V8 engine source files and build configurations but lacks any exploit code or technical analysis related to CVE-2021-0396. No PoC or vulnerability details are present.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: V8 JavaScript Engine (AOSP10_r33)

No auth needed

Prerequisites: None

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/2021-03-01

Scores

CVSS v3 9.8

EPSS 0.0193

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (4)

google/android 8.1

google/android 9.0

google/android 10.0

google/android 11.0

Published Mar 10, 2021

Tracked Since Feb 18, 2026