{"id":"ASB-A-174149901", "published":"2021-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0431", "A-174149901"], "details":"In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-04-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["25691793736011755144675238646456011203", "213051613258159687891157273033913211463", "199865173318442732021864401992381161092", "181915817969334015180679003080769794327"], "threshold":0.9}, "id":"ASB-A-174149901-64fa8f9c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034", "target":{"file":"stack/avrc/avrc_api.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-04-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["25691793736011755144675238646456011203", "213051613258159687891157273033913211463", "199865173318442732021864401992381161092", "181915817969334015180679003080769794327"], "threshold":0.9}, "id":"ASB-A-174149901-549da8fa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034", "target":{"file":"stack/avrc/avrc_api.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-04-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["25691793736011755144675238646456011203", "213051613258159687891157273033913211463", "199865173318442732021864401992381161092", "181915817969334015180679003080769794327"], "threshold":0.9}, "id":"ASB-A-174149901-20a3c35f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034", "target":{"file":"stack/avrc/avrc_api.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-04-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["25691793736011755144675238646456011203", "213051613258159687891157273033913211463", "199865173318442732021864401992381161092", "181915817969334015180679003080769794327"], "threshold":0.9}, "id":"ASB-A-174149901-a14946a2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0f447e4fffc45b10d29e1cfcc2eb66067abaf034", "target":{"file":"stack/avrc/avrc_api.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/20305ba196a82d003811bbdf51fb978cd8315ba8"}]}