CVE-2021-0397

CRITICAL

Android - Double Free in sdp_copy_raw_data

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-0397. PoCs published by Satheesh575555.

AI-analyzed exploit summary This repository contains the Fluoride Bluetooth stack source code, including build instructions and documentation. It does not include an exploit PoC but provides the source code for the vulnerable component (CVE-2021-0397).

Description

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148

Exploits (1)

nomisec WRITEUP

by Satheesh575555 · poc

https://github.com/Satheesh575555/System_bt_AOSP10-r33_CVE-2021-0397

View Code ZIP pw:eip

This repository contains the Fluoride Bluetooth stack source code, including build instructions and documentation. It does not include an exploit PoC but provides the source code for the vulnerable component (CVE-2021-0397).

Classification

Writeup 90%

Attack Type

Other

Complexity

Complex

Reliability

Theoretical

Target: Fluoride Bluetooth stack (AOSP10-r33)

No auth needed

Prerequisites: Access to the Bluetooth stack source code · Build environment setup

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/2021-03-01

Scores

CVSS v3 9.8

EPSS 0.0567

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (4)

google/android 8.1

google/android 9.0

google/android 10.0

google/android 11.0

Published Mar 10, 2021

Tracked Since Feb 18, 2026