{"id":"ASB-A-180939982", "published":"2021-07-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0589", "A-180939982"], "details":"In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-07-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["229649218305656428549971312928355924069", "302020453849528639859788595298992076256", "329111539459289314853287617962020363517", "318226620072315205662574818221075035721", "100087434589779038505505906702542202188", "130280296058774809801173065708333676216", "227120603825068718216275169200270064687", "150076396632444464927396083357598623209"], "threshold":0.9}, "id":"ASB-A-180939982-18380d56", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc"}}, {"deprecated":false, "digest":{"function_hash":"170137943210695062333103982890720332686", "length":216}, "id":"ASB-A-180939982-2579a72d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_TryAllocateSCN"}}, {"deprecated":false, "digest":{"function_hash":"34207615692176020308457833992444319540", "length":183}, "id":"ASB-A-180939982-537e823a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_FreeSCN"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-07-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["229649218305656428549971312928355924069", "302020453849528639859788595298992076256", "329111539459289314853287617962020363517", "318226620072315205662574818221075035721", "100087434589779038505505906702542202188", "130280296058774809801173065708333676216", "227120603825068718216275169200270064687", "150076396632444464927396083357598623209"], "threshold":0.9}, "id":"ASB-A-180939982-3192a4b1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc"}}, {"deprecated":false, "digest":{"function_hash":"34207615692176020308457833992444319540", "length":183}, "id":"ASB-A-180939982-69987113", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_FreeSCN"}}, {"deprecated":false, "digest":{"function_hash":"170137943210695062333103982890720332686", "length":216}, "id":"ASB-A-180939982-b54b0eae", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_TryAllocateSCN"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-07-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"170137943210695062333103982890720332686", "length":216}, "id":"ASB-A-180939982-645e8ba1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_TryAllocateSCN"}}, {"deprecated":false, "digest":{"line_hashes":["229649218305656428549971312928355924069", "302020453849528639859788595298992076256", "329111539459289314853287617962020363517", "318226620072315205662574818221075035721", "100087434589779038505505906702542202188", "130280296058774809801173065708333676216", "227120603825068718216275169200270064687", "150076396632444464927396083357598623209"], "threshold":0.9}, "id":"ASB-A-180939982-8722f9a6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc"}}, {"deprecated":false, "digest":{"function_hash":"34207615692176020308457833992444319540", "length":183}, "id":"ASB-A-180939982-a8459a99", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_FreeSCN"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-07-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"34207615692176020308457833992444319540", "length":183}, "id":"ASB-A-180939982-1aaa3bb6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_FreeSCN"}}, {"deprecated":false, "digest":{"line_hashes":["229649218305656428549971312928355924069", "302020453849528639859788595298992076256", "329111539459289314853287617962020363517", "318226620072315205662574818221075035721", "100087434589779038505505906702542202188", "130280296058774809801173065708333676216", "227120603825068718216275169200270064687", "150076396632444464927396083357598623209"], "threshold":0.9}, "id":"ASB-A-180939982-451c7e7d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc"}}, {"deprecated":false, "digest":{"function_hash":"170137943210695062333103982890720332686", "length":216}, "id":"ASB-A-180939982-4d888ce6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af", "target":{"file":"stack/btm/btm_acl.cc", "function":"BTM_TryAllocateSCN"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/fa1c6354aa0fd4af6407e196f0ca6629c5d74ec8"}]}