{"id":"ASB-A-192472262", "published":"2021-10-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0870", "A-192472262"], "details":"In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12-next:0"}, {"fixed":"12-next:2021-10-05"}]}], "versions":["12-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/b8057f7a38d5817314f6f2e58bd4a721ec8af82f"], "severity":"Critical", "spl":"2021-10-05", "types":["Unknown", "RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["302893232867454018641363865655908411067", "210976996113860512045570130387013366078", "313465638352293828128083945162559551649", "279250398018132916871186158522252980488", "127156942092032599343570054826927051280", "330257752897520507121636459421915019403", "80533257021511510262798487844484235390"], "threshold":0.9}, "id":"ASB-A-192472262-2eb81857", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/b8057f7a38d5817314f6f2e58bd4a721ec8af82f", "target":{"file":"src/nfc/tags/rw_main.cc"}}, {"deprecated":false, "digest":{"function_hash":"136064316806963250491071978082355760990", "length":2471}, "id":"ASB-A-192472262-52cfb177", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/b8057f7a38d5817314f6f2e58bd4a721ec8af82f", "target":{"file":"src/nfc/tags/rw_main.cc", "function":"RW_SetActivatedTagType"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-10-05"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d"], "severity":"Critical", "spl":"2021-10-05", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["47205773305918336113512978760078968046", "226892096083222133045730400048669507793", "182438082539428302298182184409806005702", "154378929107018221922310404154722669410"], "threshold":0.9}, "id":"ASB-A-192472262-03091d52", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d", "target":{"file":"src/nfc/int/rw_int.h"}}, {"deprecated":false, "digest":{"line_hashes":["62768246765865703317798982287313285624", "193361874913685253006957382496936244893", "313465638352293828128083945162559551649", "114204275395889699226632905647299224125", "74097997669915371604652575479350485954", "330257752897520507121636459421915019403", "80533257021511510262798487844484235390", "31319219388572861682443835133408565508", "116752398114785600286813135760767414721", "7264008467217708235998599358252336213", "259043411013545100030468099958946466968", "66380368866398155582324220364231770408", "128308300361778126841715943824972191586", "45003195277241335126040370648453576070", "250823399380312319798879698572175657712", "217166207319349240801842679167475713420", "202777370979880363927424928257696026940", "98891080186251884775689380644836571055", "136563850250159475160082139666915979006", "74810456903472927028660912231395471901", "168321468630801764284270519507927749771", "178625057479913812332593574824862549202", "44658155767870717743453013966218461797", "39892505200246538321811963991462431623", "271515681854671110353452512011639352970", "207751600410343440732061341520047310602", "182251488327910846416215502616996840247", "160900221743648009562165594854372781712", "245509992315490758294603412755090121580", "187575340196971718705980383561492153201", "254610896113732718132171255378618124950", "81266092936727332726007925725092110041"], "threshold":0.9}, "id":"ASB-A-192472262-3a318eea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d", "target":{"file":"src/nfc/tags/rw_main.c"}}, {"deprecated":false, "digest":{"function_hash":"218380719019543911311176873720563389466", "length":216}, "id":"ASB-A-192472262-5f48fcc0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d", "target":{"file":"src/nfa/rw/nfa_rw_main.c", "function":"nfa_rw_sys_disable"}}, {"deprecated":false, "digest":{"function_hash":"209796781797281272901044075285254003723", "length":1825}, "id":"ASB-A-192472262-646b836a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d", "target":{"file":"src/nfc/tags/rw_main.c", "function":"RW_SetActivatedTagType"}}, {"deprecated":false, "digest":{"line_hashes":["285497211518417974432189690540753525042", "167195127492270607099839688168886392530", "32116527672606639105308544545969692718", "213098385050008327674115042759588706981", "215084346443858707146625045683015095430", "169175089188190789203230794793600354144", "326899375905766269527112838767128193986", "96380901065363285994934094620422738588"], "threshold":0.9}, "id":"ASB-A-192472262-85581b8e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d", "target":{"file":"src/nfa/rw/nfa_rw_main.c"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-10-05"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6"], "severity":"Critical", "spl":"2021-10-05", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["309169735620520086458409125414466365005", "159794013037315425599564031163905188888", "80984087769456794948701838175523115202", "18360374466063427144233264522237211541", "215084346443858707146625045683015095430", "169175089188190789203230794793600354144", "326899375905766269527112838767128193986", "96380901065363285994934094620422738588"], "threshold":0.9}, "id":"ASB-A-192472262-44dcac7d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6", "target":{"file":"src/nfa/rw/nfa_rw_main.cc"}}, {"deprecated":false, "digest":{"function_hash":"268459797997841723291835856033701742726", "length":1910}, "id":"ASB-A-192472262-4cdf7de0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6", "target":{"file":"src/nfc/tags/rw_main.cc", "function":"RW_SetActivatedTagType"}}, {"deprecated":false, "digest":{"function_hash":"218380719019543911311176873720563389466", "length":216}, "id":"ASB-A-192472262-5dfbf3af", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6", "target":{"file":"src/nfa/rw/nfa_rw_main.cc", "function":"nfa_rw_sys_disable"}}, {"deprecated":false, "digest":{"line_hashes":["302893232867454018641363865655908411067", "210976996113860512045570130387013366078", "313465638352293828128083945162559551649", "279250398018132916871186158522252980488", "127156942092032599343570054826927051280", "330257752897520507121636459421915019403", "80533257021511510262798487844484235390", "31319219388572861682443835133408565508", "116752398114785600286813135760767414721", "7264008467217708235998599358252336213", "259043411013545100030468099958946466968", "66380368866398155582324220364231770408", "128308300361778126841715943824972191586", "45003195277241335126040370648453576070", "250823399380312319798879698572175657712", "217166207319349240801842679167475713420", "202777370979880363927424928257696026940", "98891080186251884775689380644836571055", "136563850250159475160082139666915979006", "74810456903472927028660912231395471901", "168321468630801764284270519507927749771", "178625057479913812332593574824862549202", "44658155767870717743453013966218461797", "39892505200246538321811963991462431623", "271515681854671110353452512011639352970", "207751600410343440732061341520047310602", "182251488327910846416215502616996840247", "160900221743648009562165594854372781712", "245509992315490758294603412755090121580", "130807270010810019887561946639422356455", "137850334771874421580276121016572181376", "195681628029619760819634353988126873983"], "threshold":0.9}, "id":"ASB-A-192472262-7a2aaeee", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6", "target":{"file":"src/nfc/tags/rw_main.cc"}}, {"deprecated":false, "digest":{"line_hashes":["47205773305918336113512978760078968046", "226892096083222133045730400048669507793", "182438082539428302298182184409806005702", "154378929107018221922310404154722669410"], "threshold":0.9}, "id":"ASB-A-192472262-9366abf2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6", "target":{"file":"src/nfc/include/rw_int.h"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-10-05"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3"], "severity":"Critical", "spl":"2021-10-05", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"26444777302962642810174583622933893910", "length":222}, "id":"ASB-A-192472262-02686856", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfa/rw/nfa_rw_main.cc", "function":"nfa_rw_sys_disable"}}, {"deprecated":false, "digest":{"line_hashes":["309169735620520086458409125414466365005", "159794013037315425599564031163905188888", "80984087769456794948701838175523115202", "18360374466063427144233264522237211541", "215084346443858707146625045683015095430", "159278060834158007775759667138713669769", "11897088447118833119069963727776228279", "26675774579406487782617293833818601816"], "threshold":0.9}, "id":"ASB-A-192472262-28efe7a1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfa/rw/nfa_rw_main.cc"}}, {"deprecated":false, "digest":{"line_hashes":["283980276947757954147086910615649205523", "270225791925085912678029993266002704005", "182438082539428302298182184409806005702", "154378929107018221922310404154722669410"], "threshold":0.9}, "id":"ASB-A-192472262-488f579b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfc/include/rw_int.h"}}, {"deprecated":false, "digest":{"function_hash":"133308851215872874088684263280792939599", "length":2212}, "id":"ASB-A-192472262-6f26c9f8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfc/tags/rw_main.cc", "function":"RW_SetActivatedTagType"}}, {"deprecated":false, "digest":{"line_hashes":["302893232867454018641363865655908411067", "210976996113860512045570130387013366078", "313465638352293828128083945162559551649", "279250398018132916871186158522252980488", "127156942092032599343570054826927051280", "330257752897520507121636459421915019403", "80533257021511510262798487844484235390", "31319219388572861682443835133408565508", "116752398114785600286813135760767414721", "7264008467217708235998599358252336213", "259043411013545100030468099958946466968", "66380368866398155582324220364231770408", "128308300361778126841715943824972191586", "45003195277241335126040370648453576070", "250823399380312319798879698572175657712", "217166207319349240801842679167475713420", "202777370979880363927424928257696026940", "98891080186251884775689380644836571055", "136563850250159475160082139666915979006", "74810456903472927028660912231395471901", "168321468630801764284270519507927749771", "178625057479913812332593574824862549202", "44658155767870717743453013966218461797", "39892505200246538321811963991462431623", "271515681854671110353452512011639352970", "207751600410343440732061341520047310602", "182251488327910846416215502616996840247", "194004132327884942881320893418192782225", "302265989959309570159241524866198955392", "49942536497191962176559980304491535831", "31040897761022751548153717369945726216", "164928981599508020981873727737507511403", "248676804094145601138400730689456634904", "130807270010810019887561946639422356455", "137850334771874421580276121016572181376", "82485740918241156753307011759424513245"], "threshold":0.9}, "id":"ASB-A-192472262-90a50ccb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfc/tags/rw_main.cc"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-10-05"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3"], "severity":"Critical", "spl":"2021-10-05", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"133308851215872874088684263280792939599", "length":2212}, "id":"ASB-A-192472262-2c582bb7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfc/tags/rw_main.cc", "function":"RW_SetActivatedTagType"}}, {"deprecated":false, "digest":{"line_hashes":["283980276947757954147086910615649205523", "270225791925085912678029993266002704005", "182438082539428302298182184409806005702", "154378929107018221922310404154722669410"], "threshold":0.9}, "id":"ASB-A-192472262-4b05b61a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfc/include/rw_int.h"}}, {"deprecated":false, "digest":{"line_hashes":["302893232867454018641363865655908411067", "210976996113860512045570130387013366078", "313465638352293828128083945162559551649", "279250398018132916871186158522252980488", "127156942092032599343570054826927051280", "330257752897520507121636459421915019403", "80533257021511510262798487844484235390", "31319219388572861682443835133408565508", "116752398114785600286813135760767414721", "7264008467217708235998599358252336213", "259043411013545100030468099958946466968", "66380368866398155582324220364231770408", "128308300361778126841715943824972191586", "45003195277241335126040370648453576070", "250823399380312319798879698572175657712", "217166207319349240801842679167475713420", "202777370979880363927424928257696026940", "98891080186251884775689380644836571055", "136563850250159475160082139666915979006", "74810456903472927028660912231395471901", "168321468630801764284270519507927749771", "178625057479913812332593574824862549202", "44658155767870717743453013966218461797", "39892505200246538321811963991462431623", "271515681854671110353452512011639352970", "207751600410343440732061341520047310602", "182251488327910846416215502616996840247", "194004132327884942881320893418192782225", "302265989959309570159241524866198955392", "49942536497191962176559980304491535831", "31040897761022751548153717369945726216", "164928981599508020981873727737507511403", "248676804094145601138400730689456634904", "130807270010810019887561946639422356455", "137850334771874421580276121016572181376", "82485740918241156753307011759424513245"], "threshold":0.9}, "id":"ASB-A-192472262-c1b0fe4f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfc/tags/rw_main.cc"}}, {"deprecated":false, "digest":{"line_hashes":["309169735620520086458409125414466365005", "159794013037315425599564031163905188888", "80984087769456794948701838175523115202", "18360374466063427144233264522237211541", "215084346443858707146625045683015095430", "159278060834158007775759667138713669769", "11897088447118833119069963727776228279", "26675774579406487782617293833818601816"], "threshold":0.9}, "id":"ASB-A-192472262-c36653ca", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfa/rw/nfa_rw_main.cc"}}, {"deprecated":false, "digest":{"function_hash":"26444777302962642810174583622933893910", "length":222}, "id":"ASB-A-192472262-fe1eebbe", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3", "target":{"file":"src/nfa/rw/nfa_rw_main.cc", "function":"nfa_rw_sys_disable"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-10-05"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23"], "severity":"Critical", "spl":"2021-10-05", "types":["Unknown"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"136064316806963250491071978082355760990", "length":2471}, "id":"ASB-A-192472262-4b4bdd2b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23", "target":{"file":"src/nfc/tags/rw_main.cc", "function":"RW_SetActivatedTagType"}}, {"deprecated":false, "digest":{"line_hashes":["302893232867454018641363865655908411067", "210976996113860512045570130387013366078", "313465638352293828128083945162559551649", "279250398018132916871186158522252980488", "127156942092032599343570054826927051280", "330257752897520507121636459421915019403", "80533257021511510262798487844484235390"], "threshold":0.9}, "id":"ASB-A-192472262-5709d997", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23", "target":{"file":"src/nfc/tags/rw_main.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/nfc/+/90111073522a65d47defa5e38813f0ea1af6d55b"}]}