{"id":"ASB-A-168802990","details":"In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-168802990","CVE-2021-0316"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2021-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2021-01-01"}]}],"versions":["8.0"],"ecosystem_specific":{"spl":"2021-01-01","severity":"Critical","vanir_signatures":[{"id":"ASB-A-168802990-4d3523c5","digest":{"length":6883,"function_hash":"124405311670877030883599687544204952"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Function","target":{"file":"stack/avrc/avrc_pars_tg.cc","function":"avrc_pars_vendor_cmd"},"signature_version":"v1"},{"id":"ASB-A-168802990-d85464e0","digest":{"threshold":0.9,"line_hashes":["304297521142496603265053671498398544393","196849927725121048719279673018861978368","310733482542310402760765843212954607050","22515287008392193236497768212461137106"]},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Line","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168802990.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-01-01"}]}],"versions":["8.1"],"ecosystem_specific":{"spl":"2021-01-01","severity":"Critical","vanir_signatures":[{"id":"ASB-A-168802990-ebd28ce2","digest":{"threshold":0.9,"line_hashes":["304297521142496603265053671498398544393","196849927725121048719279673018861978368","310733482542310402760765843212954607050","22515287008392193236497768212461137106"]},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Line","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"},{"id":"ASB-A-168802990-ec3fda42","digest":{"length":6883,"function_hash":"124405311670877030883599687544204952"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Function","target":{"file":"stack/avrc/avrc_pars_tg.cc","function":"avrc_pars_vendor_cmd"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168802990.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-01-01"}]}],"versions":["9"],"ecosystem_specific":{"spl":"2021-01-01","severity":"Critical","vanir_signatures":[{"id":"ASB-A-168802990-1e77f619","digest":{"length":6883,"function_hash":"124405311670877030883599687544204952"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Function","target":{"file":"stack/avrc/avrc_pars_tg.cc","function":"avrc_pars_vendor_cmd"},"signature_version":"v1"},{"id":"ASB-A-168802990-2752028e","digest":{"threshold":0.9,"line_hashes":["304297521142496603265053671498398544393","196849927725121048719279673018861978368","310733482542310402760765843212954607050","22515287008392193236497768212461137106"]},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Line","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168802990.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-01-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2021-01-01","severity":"Critical","vanir_signatures":[{"id":"ASB-A-168802990-906a3e07","digest":{"threshold":0.9,"line_hashes":["304297521142496603265053671498398544393","196849927725121048719279673018861978368","310733482542310402760765843212954607050","22515287008392193236497768212461137106"]},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Line","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"},{"id":"ASB-A-168802990-cdcf762b","digest":{"length":6883,"function_hash":"124405311670877030883599687544204952"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Function","target":{"file":"stack/avrc/avrc_pars_tg.cc","function":"avrc_pars_vendor_cmd"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168802990.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-01-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2021-01-01","severity":"Critical","vanir_signatures":[{"id":"ASB-A-168802990-049b8cd4","digest":{"length":6883,"function_hash":"124405311670877030883599687544204952"},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Function","target":{"file":"stack/avrc/avrc_pars_tg.cc","function":"avrc_pars_vendor_cmd"},"signature_version":"v1"},{"id":"ASB-A-168802990-886b571a","digest":{"threshold":0.9,"line_hashes":["304297521142496603265053671498398544393","196849927725121048719279673018861978368","310733482542310402760765843212954607050","22515287008392193236497768212461137106"]},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e","signature_type":"Line","target":{"file":"stack/avrc/avrc_pars_tg.cc"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/system/bt/+/f328ab46d5419632aec221f95b186ec71077176e"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168802990.json"}}],"schema_version":"1.7.5"}