CVE-2021-0956

CRITICAL IN THE WILD

Android <11,12 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-0956 has been observed exploited in the wild (reported by InTheWild.io).

Description

In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0123
EPSS Percentile 65.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

InTheWild.io 2022-01-01
CWE
CWE-787
Status published
Products (2)
google/android 11.0
google/android 12.0
Published Dec 15, 2021
Tracked Since Feb 18, 2026