{"id":"ASB-A-175686168", "published":"2021-05-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0475", "A-175686168"], "details":"In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-05-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b"], "severity":"Critical", "spl":"2021-05-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"178160968470936185638320098311249109670", "length":1231}, "id":"ASB-A-175686168-2977bff2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b", "target":{"file":"btif/src/btif_sock_l2cap.cc", "function":"on_l2cap_data_ind"}}, {"deprecated":false, "digest":{"line_hashes":["232639603431135776560044852476418725891", "168916461548729188579484168029015739824", "124933438368082664701261495312317559181", "316733693649287323913347624274301580166", "64953267401263309934326317444384765108", "138903504683551870702194073267273907795", "184973989303508159385904149340114855909", "212825330865716935874456695975242953166"], "threshold":0.9}, "id":"ASB-A-175686168-f38ea23a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b", "target":{"file":"btif/src/btif_sock_l2cap.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b"], "severity":"Critical", "spl":"2021-05-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"178160968470936185638320098311249109670", "length":1231}, "id":"ASB-A-175686168-0214252e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b", "target":{"file":"btif/src/btif_sock_l2cap.cc", "function":"on_l2cap_data_ind"}}, {"deprecated":false, "digest":{"line_hashes":["232639603431135776560044852476418725891", "168916461548729188579484168029015739824", "124933438368082664701261495312317559181", "316733693649287323913347624274301580166", "64953267401263309934326317444384765108", "138903504683551870702194073267273907795", "184973989303508159385904149340114855909", "212825330865716935874456695975242953166"], "threshold":0.9}, "id":"ASB-A-175686168-060588d2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b", "target":{"file":"btif/src/btif_sock_l2cap.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/a632a66b81ee4b1db65d0cf64b4ce525f56214ff"}]}