CVE-2021-0589

HIGH

Android 11, 8.1, 9, 10 - Privilege Escalation


Description

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-11, Android-8.1, Android-9, Android-10
Android ID: A-180939982

Exploits (2)

nomisec WRITEUP
by Satheesh575555 · poc
https://github.com/Satheesh575555/system_bt_AOSP10_r33_CVE-2021-0589
nomisec WRITEUP
by Trinadh465 · poc
https://github.com/Trinadh465/System_bt_AOSP10_r33_CVE-2021-0589


Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 8.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (4)
google/android 8.1
google/android 9.0
google/android 10.0
google/android 11.0
Published Jul 14, 2021
Tracked Since Feb 18, 2026