Exploitation Summary
CVE-2021-0956 has been observed exploited in the wild (reported by InTheWild.io).
Description
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2021-12-01
Scores
CVSS v3
9.8
EPSS
0.0123
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
InTheWild.io
2022-01-01
CWE
CWE-787
Status
published
Products (2)
google/android
11.0
google/android
12.0
Published
Dec 15, 2021
Tracked Since
Feb 18, 2026