{"id":"ASB-A-168802990", "published":"2021-01-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0316", "A-168802990"], "details":"In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2021-01-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"], "severity":"Critical", "spl":"2021-01-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"124405311670877030883599687544204952", "length":6883}, "id":"ASB-A-168802990-4d3523c5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["304297521142496603265053671498398544393", "196849927725121048719279673018861978368", "310733482542310402760765843212954607050", "22515287008392193236497768212461137106"], "threshold":0.9}, "id":"ASB-A-168802990-d85464e0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-01-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"], "severity":"Critical", "spl":"2021-01-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["304297521142496603265053671498398544393", "196849927725121048719279673018861978368", "310733482542310402760765843212954607050", "22515287008392193236497768212461137106"], "threshold":0.9}, "id":"ASB-A-168802990-ebd28ce2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}, {"deprecated":false, "digest":{"function_hash":"124405311670877030883599687544204952", "length":6883}, "id":"ASB-A-168802990-ec3fda42", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_pars_vendor_cmd"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-01-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"], "severity":"Critical", "spl":"2021-01-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"124405311670877030883599687544204952", "length":6883}, "id":"ASB-A-168802990-1e77f619", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["304297521142496603265053671498398544393", "196849927725121048719279673018861978368", "310733482542310402760765843212954607050", "22515287008392193236497768212461137106"], "threshold":0.9}, "id":"ASB-A-168802990-2752028e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-01-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"], "severity":"Critical", "spl":"2021-01-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["304297521142496603265053671498398544393", "196849927725121048719279673018861978368", "310733482542310402760765843212954607050", "22515287008392193236497768212461137106"], "threshold":0.9}, "id":"ASB-A-168802990-906a3e07", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}, {"deprecated":false, "digest":{"function_hash":"124405311670877030883599687544204952", "length":6883}, "id":"ASB-A-168802990-cdcf762b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_pars_vendor_cmd"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-01-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"], "severity":"Critical", "spl":"2021-01-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"124405311670877030883599687544204952", "length":6883}, "id":"ASB-A-168802990-049b8cd4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["304297521142496603265053671498398544393", "196849927725121048719279673018861978368", "310733482542310402760765843212954607050", "22515287008392193236497768212461137106"], "threshold":0.9}, "id":"ASB-A-168802990-886b571a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-01-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"}]}