{"id":"ASB-A-181860042", "published":"2021-06-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0507", "A-181860042"], "details":"In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-06-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/4c9874d7318114a925a1397e4d50c3adf4466cb7"], "severity":"Critical", "spl":"2021-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"30384822939121190592029269469687542709", "length":975}, "id":"ASB-A-181860042-20bf1869", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/4c9874d7318114a925a1397e4d50c3adf4466cb7", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["209051549421598997493608576163822465820", "185812421405846509614530449186919713536", "297828353395766766323788684671303738769", "103601486506301070812485503618532030479"], "threshold":0.9}, "id":"ASB-A-181860042-6ca4b5d6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/4c9874d7318114a925a1397e4d50c3adf4466cb7", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-06-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/2901716406e6919a286d73eb596c5e16e117dca0"], "severity":"Critical", "spl":"2021-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"30384822939121190592029269469687542709", "length":975}, "id":"ASB-A-181860042-28e3190e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/2901716406e6919a286d73eb596c5e16e117dca0", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["209051549421598997493608576163822465820", "185812421405846509614530449186919713536", "297828353395766766323788684671303738769", "103601486506301070812485503618532030479"], "threshold":0.9}, "id":"ASB-A-181860042-cbe888c8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/2901716406e6919a286d73eb596c5e16e117dca0", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-06-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/d667a2f6d043d34ee59174b7036e695ad0953ab4"], "severity":"Critical", "spl":"2021-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["209051549421598997493608576163822465820", "185812421405846509614530449186919713536", "297828353395766766323788684671303738769", "103601486506301070812485503618532030479"], "threshold":0.9}, "id":"ASB-A-181860042-3d4232cc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/d667a2f6d043d34ee59174b7036e695ad0953ab4", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}, {"deprecated":false, "digest":{"function_hash":"30384822939121190592029269469687542709", "length":975}, "id":"ASB-A-181860042-8fdefab9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/d667a2f6d043d34ee59174b7036e695ad0953ab4", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-06-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/4deeb022c7efe39e9ce34d9373ba900d9ed2741f"], "severity":"Critical", "spl":"2021-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["229747177241047671136006243129545939521", "194936249656141924618396571107547943231", "297828353395766766323788684671303738769", "103601486506301070812485503618532030479"], "threshold":0.9}, "id":"ASB-A-181860042-6190d499", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/4deeb022c7efe39e9ce34d9373ba900d9ed2741f", "target":{"file":"stack/avrc/avrc_pars_tg.cc"}}, {"deprecated":false, "digest":{"function_hash":"335736388932527993337630848351454608353", "length":1021}, "id":"ASB-A-181860042-bd8c2c67", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/4deeb022c7efe39e9ce34d9373ba900d9ed2741f", "target":{"file":"stack/avrc/avrc_pars_tg.cc", "function":"avrc_ctrl_pars_vendor_cmd"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/bt/+/4deeb022c7efe39e9ce34d9373ba900d9ed2741f"}]}