{"id":"ASB-A-174150451", "published":"2021-04-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0435", "A-174150451"], "details":"In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-04-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/8d461a866a12cd3d7d6d68551a5d2a7139fab2b9"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["234731378143251965468061532815581472551", "167774733209960506572467443926203491903", "47802622381427373253647455478457623346", "48330210889850056886396232568450657951"], "threshold":0.9}, "id":"ASB-A-174150451-74215a8a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/8d461a866a12cd3d7d6d68551a5d2a7139fab2b9", "target":{"file":"stack/avrc/avrc_bld_tg.cc"}}, {"deprecated":false, "digest":{"line_hashes":["25826080849010929453199241606739219817", "102699952416098053887376505143307429909", "143806720553538244026322564558936295054", "164986021732157641338903864090109453599", "301897657201426727004466536346062316563", "235051942682550393409806500189940635228", "335461943414066905902007995014316866781", "17672392233449697628085473547180750898", "283758634364552150370415211695472900701", "328828160620845234744149755929506441462", "2473565245579495761465996430830724257", "237534467320708155262103903879152969563", "92281194400390846616166060402022375024", "273786359158106482533735481861079682424", "2473565245579495761465996430830724257"], "threshold":0.9}, "id":"ASB-A-174150451-7a9d3afa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/8d461a866a12cd3d7d6d68551a5d2a7139fab2b9", "target":{"file":"stack/avrc/avrc_opt.cc"}}, {"deprecated":false, "digest":{"line_hashes":["212232968038250104482858979702624275750", "287953352903989519456069944207679403882", "14845834421420998534332396403871764925", "86765202564817590807824327682356097034", "8506577065875201243658029685407892248", "153830244189308337431089565302096752200", "73574399449172278035838437690423107102", "63857392560911243568061870531660418492", "96243532706110030824140961784393634458", "229509219505541565945915529457539584181", "319773369222130466408546408420315488895", "147819627739377103061854328410232522877"], "threshold":0.9}, "id":"ASB-A-174150451-9c01d0da", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/8d461a866a12cd3d7d6d68551a5d2a7139fab2b9", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}, {"deprecated":false, "digest":{"line_hashes":["192017400156636417478041847225283769262", "204933172455221844431769346722526320436", "128025510019479700929535966870254602330", "106559417459498412872629760774672706722"], "threshold":0.9}, "id":"ASB-A-174150451-9e02d8c6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/8d461a866a12cd3d7d6d68551a5d2a7139fab2b9", "target":{"file":"stack/avrc/avrc_bld_ct.cc"}}, {"deprecated":false, "digest":{"line_hashes":["281586568184723237172444381729300620204", "306697745755003438563806121171698237921", "246586741718193978242302054708553414208", "26712992996311895937855388050883467232", "54956135029244385601389859387513915205", "271920638373074614745749988322912009199", "38460664457821042895159081114458950003", "115501079431548383753885003523860011552", "260753540820306009469377490923685320691", "200185611935206458241668081075162626223", "212032984932251426289010321427003686672", "85944363988905834904253026670568579462", "108257629627401211972918736109316858296", "216950027845380205798371590433193650133", "259995555082482069524698370838857702055", "205609846645742308176480653515058253116", "114168609634170520250270269816526217257", "204378047892081571998556994878344192203", "289073611432386177713347243982592391836", "43529288571653165473129009061182640404"], "threshold":0.9}, "id":"ASB-A-174150451-ba34beb7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/8d461a866a12cd3d7d6d68551a5d2a7139fab2b9", "target":{"file":"stack/avrc/avrc_api.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-04-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["234731378143251965468061532815581472551", "167774733209960506572467443926203491903", "47802622381427373253647455478457623346", "48330210889850056886396232568450657951"], "threshold":0.9}, "id":"ASB-A-174150451-0ccf6ce1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_bld_tg.cc"}}, {"deprecated":false, "digest":{"line_hashes":["192017400156636417478041847225283769262", "204933172455221844431769346722526320436", "128025510019479700929535966870254602330", "106559417459498412872629760774672706722"], "threshold":0.9}, "id":"ASB-A-174150451-269a6c55", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_bld_ct.cc"}}, {"deprecated":false, "digest":{"line_hashes":["281586568184723237172444381729300620204", "306697745755003438563806121171698237921", "246586741718193978242302054708553414208", "26712992996311895937855388050883467232", "54956135029244385601389859387513915205", "271920638373074614745749988322912009199", "38460664457821042895159081114458950003", "115501079431548383753885003523860011552", "260753540820306009469377490923685320691", "200185611935206458241668081075162626223", "212032984932251426289010321427003686672", "85944363988905834904253026670568579462", "108257629627401211972918736109316858296", "216950027845380205798371590433193650133", "259995555082482069524698370838857702055", "205609846645742308176480653515058253116", "114168609634170520250270269816526217257", "204378047892081571998556994878344192203", "289073611432386177713347243982592391836", "43529288571653165473129009061182640404"], "threshold":0.9}, "id":"ASB-A-174150451-43571dba", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_api.cc"}}, {"deprecated":false, "digest":{"line_hashes":["195777170528215756133034883432980774837", "82158292724028221019740140516383577821", "29249664797217387640288612680381725591", "51246449051180649641476430904217421430", "17672392233449697628085473547180750898", "283758634364552150370415211695472900701", "328828160620845234744149755929506441462", "2473565245579495761465996430830724257", "237534467320708155262103903879152969563", "92281194400390846616166060402022375024", "273786359158106482533735481861079682424", "2473565245579495761465996430830724257"], "threshold":0.9}, "id":"ASB-A-174150451-767f098f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_opt.cc"}}, {"deprecated":false, "digest":{"line_hashes":["212232968038250104482858979702624275750", "287953352903989519456069944207679403882", "14845834421420998534332396403871764925", "86765202564817590807824327682356097034", "8506577065875201243658029685407892248", "153830244189308337431089565302096752200", "73574399449172278035838437690423107102", "63857392560911243568061870531660418492", "96243532706110030824140961784393634458", "229509219505541565945915529457539584181", "319773369222130466408546408420315488895", "147819627739377103061854328410232522877"], "threshold":0.9}, "id":"ASB-A-174150451-efeddce6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-04-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["212232968038250104482858979702624275750", "287953352903989519456069944207679403882", "14845834421420998534332396403871764925", "86765202564817590807824327682356097034", "8506577065875201243658029685407892248", "153830244189308337431089565302096752200", "73574399449172278035838437690423107102", "63857392560911243568061870531660418492", "96243532706110030824140961784393634458", "229509219505541565945915529457539584181", "319773369222130466408546408420315488895", "147819627739377103061854328410232522877"], "threshold":0.9}, "id":"ASB-A-174150451-14462885", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}, {"deprecated":false, "digest":{"line_hashes":["234731378143251965468061532815581472551", "167774733209960506572467443926203491903", "47802622381427373253647455478457623346", "48330210889850056886396232568450657951"], "threshold":0.9}, "id":"ASB-A-174150451-3f734440", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_bld_tg.cc"}}, {"deprecated":false, "digest":{"line_hashes":["281586568184723237172444381729300620204", "306697745755003438563806121171698237921", "246586741718193978242302054708553414208", "26712992996311895937855388050883467232", "54956135029244385601389859387513915205", "271920638373074614745749988322912009199", "38460664457821042895159081114458950003", "115501079431548383753885003523860011552", "260753540820306009469377490923685320691", "200185611935206458241668081075162626223", "212032984932251426289010321427003686672", "85944363988905834904253026670568579462", "108257629627401211972918736109316858296", "216950027845380205798371590433193650133", "259995555082482069524698370838857702055", "205609846645742308176480653515058253116", "114168609634170520250270269816526217257", "204378047892081571998556994878344192203", "289073611432386177713347243982592391836", "43529288571653165473129009061182640404"], "threshold":0.9}, "id":"ASB-A-174150451-423e07a0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_api.cc"}}, {"deprecated":false, "digest":{"line_hashes":["195777170528215756133034883432980774837", "82158292724028221019740140516383577821", "29249664797217387640288612680381725591", "51246449051180649641476430904217421430", "17672392233449697628085473547180750898", "283758634364552150370415211695472900701", "328828160620845234744149755929506441462", "2473565245579495761465996430830724257", "237534467320708155262103903879152969563", "92281194400390846616166060402022375024", "273786359158106482533735481861079682424", "2473565245579495761465996430830724257"], "threshold":0.9}, "id":"ASB-A-174150451-6b451b30", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_opt.cc"}}, {"deprecated":false, "digest":{"line_hashes":["192017400156636417478041847225283769262", "204933172455221844431769346722526320436", "128025510019479700929535966870254602330", "106559417459498412872629760774672706722"], "threshold":0.9}, "id":"ASB-A-174150451-d141a8aa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_bld_ct.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-04-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c"], "severity":"High", "spl":"2021-04-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["212232968038250104482858979702624275750", "287953352903989519456069944207679403882", "14845834421420998534332396403871764925", "86765202564817590807824327682356097034", "8506577065875201243658029685407892248", "153830244189308337431089565302096752200", "73574399449172278035838437690423107102", "63857392560911243568061870531660418492", "96243532706110030824140961784393634458", "229509219505541565945915529457539584181", "319773369222130466408546408420315488895", "147819627739377103061854328410232522877"], "threshold":0.9}, "id":"ASB-A-174150451-03cf303e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_pars_ct.cc"}}, {"deprecated":false, "digest":{"line_hashes":["192017400156636417478041847225283769262", "204933172455221844431769346722526320436", "128025510019479700929535966870254602330", "106559417459498412872629760774672706722"], "threshold":0.9}, "id":"ASB-A-174150451-29ec9366", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_bld_ct.cc"}}, {"deprecated":false, "digest":{"line_hashes":["195777170528215756133034883432980774837", "82158292724028221019740140516383577821", "29249664797217387640288612680381725591", "51246449051180649641476430904217421430", "17672392233449697628085473547180750898", "283758634364552150370415211695472900701", "328828160620845234744149755929506441462", "2473565245579495761465996430830724257", "237534467320708155262103903879152969563", "92281194400390846616166060402022375024", "273786359158106482533735481861079682424", "2473565245579495761465996430830724257"], "threshold":0.9}, "id":"ASB-A-174150451-a2686563", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_opt.cc"}}, {"deprecated":false, "digest":{"line_hashes":["281586568184723237172444381729300620204", "306697745755003438563806121171698237921", "246586741718193978242302054708553414208", "26712992996311895937855388050883467232", "54956135029244385601389859387513915205", "271920638373074614745749988322912009199", "38460664457821042895159081114458950003", "115501079431548383753885003523860011552", "260753540820306009469377490923685320691", "200185611935206458241668081075162626223", "212032984932251426289010321427003686672", "85944363988905834904253026670568579462", "108257629627401211972918736109316858296", "216950027845380205798371590433193650133", "259995555082482069524698370838857702055", "205609846645742308176480653515058253116", "114168609634170520250270269816526217257", "204378047892081571998556994878344192203", "289073611432386177713347243982592391836", "43529288571653165473129009061182640404"], "threshold":0.9}, "id":"ASB-A-174150451-a6802041", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_api.cc"}}, {"deprecated":false, "digest":{"line_hashes":["234731378143251965468061532815581472551", "167774733209960506572467443926203491903", "47802622381427373253647455478457623346", "48330210889850056886396232568450657951"], "threshold":0.9}, "id":"ASB-A-174150451-d672039e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/41584e84a3288d4dc9770773fa3db81df209ae4c", "target":{"file":"stack/avrc/avrc_bld_tg.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/026f04c83281557a0d24df0bd19d72c74cdc320e"}]}