{"id":"ASB-A-198346478", "published":"2021-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0966", "A-198346478"], "details":"In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/tools/aidl", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030"], "severity":"High", "spl":"2021-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["312820962761557008148303880221382425359", "23823734065005563513966409513642516805", "33002857817697896316689490743289806656", "39714594035538264493668839179804785235"], "threshold":0.9}, "id":"ASB-A-198346478-206c067d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030", "target":{"file":"generate_cpp.cpp"}}, {"deprecated":false, "digest":{"function_hash":"326601426788344758004763648233943715918", "length":2239}, "id":"ASB-A-198346478-428f4e0b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030", "target":{"file":"generate_cpp.cpp", "function":"BuildParcelHeader"}}, {"deprecated":false, "digest":{"line_hashes":["129378056618984160971364387354311187123", "178003074383539396753051710658857581258", "225238775845769716849799452850860555295", "273028201806421038180591682801863800162"], "threshold":0.9}, "id":"ASB-A-198346478-640953c0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030", "target":{"file":"generate_ndk.cpp"}}, {"deprecated":false, "digest":{"function_hash":"222524032315743326666284216788730707453", "length":992}, "id":"ASB-A-198346478-741a9d9f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/f2e752316b0d9d2708bc56d20c1649e704bca030", "target":{"file":"generate_ndk.cpp", "function":"GenerateParcelHeader"}}]}}, {"package":{"name":"platform/system/tools/aidl", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088"], "severity":"High", "spl":"2021-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["264802842146083026036916011199573792850", "204040046010545831252756766834823289204", "6806657853291627825636324932845214010", "294743258619582016492104830905565405228"], "threshold":0.9}, "id":"ASB-A-198346478-05cb5868", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088", "target":{"file":"generate_cpp.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["113279781244028926090189194923672148444", "74391618858168488632270844761742943164", "225238775845769716849799452850860555295", "273028201806421038180591682801863800162"], "threshold":0.9}, "id":"ASB-A-198346478-578ddbc8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088", "target":{"file":"generate_ndk.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["250718133067864697922945017348274298643", "52372194918281449002100330847136220109", "98496241369463802619853693648845541680", "84516898486546100705879329204325126564", "60549146341320380808439822386520322686", "66087812960287637138850269813056259827", "186747283850515549722558151870431505928", "159916955571046314316531372104725995262", "311303759342704408277996765929478986244", "244389655537552032501284148424871825216", "68076576393139126643742075043240320347", "110191790375250089414103832924326854985", "138123917172604772914053740305500257301", "12320108308049293518580822616258861105", "322788696425952919733109864849010772609", "111790049379499682798059568367686923797", "112348007897370324614304973623611181556", "128765566414775141195211131112138987698", "119864308726076405577909097788658756970"], "threshold":0.9}, "id":"ASB-A-198346478-5d639350", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088", "target":{"file":"tests/golden_output/aidl-test-interface-cpp-source/gen/include/android/aidl/tests/StructuredParcelable.h"}}, {"deprecated":false, "digest":{"line_hashes":["66967101736838554154680316481538631836", "236251703838020997560660639668582255895", "45845238726788281392925421476760920617", "152650760950779136808616691559163958565", "332435470753299164675451992494096568721", "92259272660562283691011302569012975336", "48288453470048448400082083847194364666", "189681335721922647839436997093688526830", "161979024677520046017255690135461073012", "222165546359451352255176667446033045892", "177862384560001095647430931807351745316", "275560139398974124159070503857220187967", "280219198516595038208414537672341683764", "292316102031252907198125093355093200083", "7477696309102365821669176671113444918", "189883291931785653866654619149685023814", "61427490000947264933972889040432958511", "288218642560871932972797989426715939544", "297835768597214604458524111445427079728"], "threshold":0.9}, "id":"ASB-A-198346478-b1825f5b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088", "target":{"file":"tests/golden_output/aidl-test-interface-ndk_platform-source/gen/include/aidl/android/aidl/tests/StructuredParcelable.h"}}, {"deprecated":false, "digest":{"function_hash":"284803375110470307090192299003511583373", "length":755}, "id":"ASB-A-198346478-dd304f6a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088", "target":{"file":"generate_cpp.cpp", "function":"BuildParcelFields"}}, {"deprecated":false, "digest":{"function_hash":"336089501090492204401183314771489846266", "length":2088}, "id":"ASB-A-198346478-f8e048a4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/tools/aidl/+/8f9de735cc768434fe35e683d8140ccc6c70a088", "target":{"file":"generate_ndk.cpp", "function":"GenerateParcelHeader"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-12-01"}]}