CVE-2020-0471
https://notcve.org/view.php?id=CVE-2020-0471
In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-169327567. En la función reassemble_and_dispatch del archivo packet_fragmenter.cc, existe una posible manera de inyectar paquetes en una conexión Bluetooth cifrada debido a una comprobación inapropiada de la entrada. • https://source.android.com/security/bulletin/2021-01-01 • CWE-20: Improper Input Validation •
CVE-2021-0316
https://notcve.org/view.php?id=CVE-2021-0316
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-168802990. En la función avrc_pars_vendor_cmd del archivo avrc_pars_tg.cc, se presenta una posible escritura fuera de límites debido a que falta una comprobación de límites. • https://source.android.com/security/bulletin/2021-01-01 • CWE-787: Out-of-bounds Write •
CVE-2021-0317
https://notcve.org/view.php?id=CVE-2021-0317
In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670. En la función createOrUpdate del archivo Permission.java y el código relacionado, se presenta una posible escalada de permisos debido a un error lógico. • https://source.android.com/security/bulletin/2021-01-01 • CWE-863: Incorrect Authorization •
CVE-2021-0318
https://notcve.org/view.php?id=CVE-2021-0318
In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968. En la función appendEventsToCacheLocked del archivo SensorEventConnection.cpp, se presenta una posible escritura fuera de límites debido a un uso de la memoria previamente liberada. • https://source.android.com/security/bulletin/2021-01-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2021-0319
https://notcve.org/view.php?id=CVE-2021-0319
In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. En la función checkCallerIsSystemOr del archivo CompanionDeviceManagerService.java, existe una posible manera de obtener la dirección MAC de un dispositivo Bluetooth cercano sin los permisos apropiados debido a una omisión de permisos. • https://source.android.com/security/bulletin/2021-01-01 • CWE-863: Incorrect Authorization •