{"id":"ASB-A-264879662", "published":"2023-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21085", "A-264879662"], "details":"In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-04-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["208283816317851276167464264087713045043", "101512112163818874160315300790181291129", "227387121055190419413577922687070710536"], "threshold":0.9}, "id":"ASB-A-264879662-1d893a6b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc"}}, {"deprecated":false, "digest":{"function_hash":"245286270681895241095322239054195438896", "length":735}, "id":"ASB-A-264879662-5268930d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc", "function":"nci_snd_set_routing_cmd"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-04-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"245286270681895241095322239054195438896", "length":735}, "id":"ASB-A-264879662-c7e88808", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc", "function":"nci_snd_set_routing_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["208283816317851276167464264087713045043", "101512112163818874160315300790181291129", "227387121055190419413577922687070710536"], "threshold":0.9}, "id":"ASB-A-264879662-fa5e2d05", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-04-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["208283816317851276167464264087713045043", "101512112163818874160315300790181291129", "227387121055190419413577922687070710536"], "threshold":0.9}, "id":"ASB-A-264879662-4d490539", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc"}}, {"deprecated":false, "digest":{"function_hash":"245286270681895241095322239054195438896", "length":735}, "id":"ASB-A-264879662-61a91699", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc", "function":"nci_snd_set_routing_cmd"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-04-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"245286270681895241095322239054195438896", "length":735}, "id":"ASB-A-264879662-be9d5960", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc", "function":"nci_snd_set_routing_cmd"}}, {"deprecated":false, "digest":{"line_hashes":["208283816317851276167464264087713045043", "101512112163818874160315300790181291129", "227387121055190419413577922687070710536"], "threshold":0.9}, "id":"ASB-A-264879662-d782ad19", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc"}}]}}, {"package":{"name":"platform/system/nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78"], "severity":"Critical", "spl":"2023-04-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["208283816317851276167464264087713045043", "101512112163818874160315300790181291129", "227387121055190419413577922687070710536"], "threshold":0.9}, "id":"ASB-A-264879662-e074064c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc"}}, {"deprecated":false, "digest":{"function_hash":"245286270681895241095322239054195438896", "length":735}, "id":"ASB-A-264879662-f9174d19", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/nfc/+/1dd4d2e1b481dd83ca2b222993fdb74ae5306c78", "target":{"file":"src/nfc/nci/nci_hmsgs.cc", "function":"nci_snd_set_routing_cmd"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/nfc/+/09591ec257b3547348e0e3ba123523ea8361c84d"}]}