{"id":"ASB-A-197868577", "published":"2021-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0968", "A-197868577"], "details":"In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-12-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/cee4d086c959e174328a0e173398d99f59ccbb1f"], "severity":"Critical", "spl":"2021-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"133515069060463300907966626649197431077", "length":180}, "id":"ASB-A-197868577-2e3c1304", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cee4d086c959e174328a0e173398d99f59ccbb1f", "target":{"file":"osi/src/allocator.cc", "function":"osi_calloc"}}, {"deprecated":false, "digest":{"function_hash":"117538921863687452573602227384761554202", "length":176}, "id":"ASB-A-197868577-37f71231", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cee4d086c959e174328a0e173398d99f59ccbb1f", "target":{"file":"osi/src/allocator.cc", "function":"osi_malloc"}}, {"deprecated":false, "digest":{"line_hashes":["202646545228519606468605655560141210094", "272342536816153109009821619670548510412", "140660819875019453777698067336487926622", "90577778521919955422444438216599194331", "318145221288325454207691524196237343651", "118114027170040244437591581732054233909", "266839983093794151707598956899575249286", "166390355539842863750748059879262597292"], "threshold":0.9}, "id":"ASB-A-197868577-7a3c9ba8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/cee4d086c959e174328a0e173398d99f59ccbb1f", "target":{"file":"osi/src/allocator.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/1e76ec66d8ad19f94a4e253db040d6983c6b830e"], "severity":"Critical", "spl":"2021-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"133515069060463300907966626649197431077", "length":180}, "id":"ASB-A-197868577-189e24b2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/1e76ec66d8ad19f94a4e253db040d6983c6b830e", "target":{"file":"osi/src/allocator.cc", "function":"osi_calloc"}}, {"deprecated":false, "digest":{"function_hash":"117538921863687452573602227384761554202", "length":176}, "id":"ASB-A-197868577-982e1563", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/1e76ec66d8ad19f94a4e253db040d6983c6b830e", "target":{"file":"osi/src/allocator.cc", "function":"osi_malloc"}}, {"deprecated":false, "digest":{"line_hashes":["202646545228519606468605655560141210094", "272342536816153109009821619670548510412", "140660819875019453777698067336487926622", "90577778521919955422444438216599194331", "318145221288325454207691524196237343651", "118114027170040244437591581732054233909", "266839983093794151707598956899575249286", "166390355539842863750748059879262597292"], "threshold":0.9}, "id":"ASB-A-197868577-af3cde8b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/1e76ec66d8ad19f94a4e253db040d6983c6b830e", "target":{"file":"osi/src/allocator.cc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/e435404a7d2afa6b4cb9a59319667bf72af4df1f"], "severity":"Critical", "spl":"2021-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"133515069060463300907966626649197431077", "length":180}, "id":"ASB-A-197868577-5c67fb4a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e435404a7d2afa6b4cb9a59319667bf72af4df1f", "target":{"file":"osi/src/allocator.cc", "function":"osi_calloc"}}, {"deprecated":false, "digest":{"line_hashes":["202646545228519606468605655560141210094", "272342536816153109009821619670548510412", "140660819875019453777698067336487926622", "90577778521919955422444438216599194331", "318145221288325454207691524196237343651", "118114027170040244437591581732054233909", "266839983093794151707598956899575249286", "166390355539842863750748059879262597292"], "threshold":0.9}, "id":"ASB-A-197868577-91d9fc83", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e435404a7d2afa6b4cb9a59319667bf72af4df1f", "target":{"file":"osi/src/allocator.cc"}}, {"deprecated":false, "digest":{"function_hash":"117538921863687452573602227384761554202", "length":176}, "id":"ASB-A-197868577-fdad8b17", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/e435404a7d2afa6b4cb9a59319667bf72af4df1f", "target":{"file":"osi/src/allocator.cc", "function":"osi_malloc"}}]}}, {"package":{"name":"platform/system/bt", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/a1184057b275eb91857977663fe05016df67b3c5"], "severity":"Critical", "spl":"2021-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"133515069060463300907966626649197431077", "length":180}, "id":"ASB-A-197868577-0ad5617f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/a1184057b275eb91857977663fe05016df67b3c5", "target":{"file":"osi/src/allocator.cc", "function":"osi_calloc"}}, {"deprecated":false, "digest":{"function_hash":"117538921863687452573602227384761554202", "length":176}, "id":"ASB-A-197868577-94a8a3f4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/a1184057b275eb91857977663fe05016df67b3c5", "target":{"file":"osi/src/allocator.cc", "function":"osi_malloc"}}, {"deprecated":false, "digest":{"line_hashes":["202646545228519606468605655560141210094", "272342536816153109009821619670548510412", "140660819875019453777698067336487926622", "90577778521919955422444438216599194331", "318145221288325454207691524196237343651", "118114027170040244437591581732054233909", "266839983093794151707598956899575249286", "166390355539842863750748059879262597292"], "threshold":0.9}, "id":"ASB-A-197868577-b52b98e5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/bt/+/a1184057b275eb91857977663fe05016df67b3c5", "target":{"file":"osi/src/allocator.cc"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-12-01"}]}