{"id":"ASB-A-175686168","details":"In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-175686168","CVE-2021-0475"],"modified":"2026-04-21T15:25:42.831358Z","published":"2021-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/a632a66b81ee4b1db65d0cf64b4ce525f56214ff"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-05-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["RCE"],"severity":"Critical","spl":"2021-05-01","fixes":["https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b"],"vanir_signatures":[{"id":"ASB-A-175686168-2977bff2","source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b","signature_version":"v1","target":{"function":"on_l2cap_data_ind","file":"btif/src/btif_sock_l2cap.cc"},"signature_type":"Function","deprecated":false,"digest":{"function_hash":"178160968470936185638320098311249109670","length":1231}},{"id":"ASB-A-175686168-f38ea23a","source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b","signature_version":"v1","target":{"file":"btif/src/btif_sock_l2cap.cc"},"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["232639603431135776560044852476418725891","168916461548729188579484168029015739824","124933438368082664701261495312317559181","316733693649287323913347624274301580166","64953267401263309934326317444384765108","138903504683551870702194073267273907795","184973989303508159385904149340114855909","212825330865716935874456695975242953166"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-175686168.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-05-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["RCE"],"severity":"Critical","spl":"2021-05-01","fixes":["https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b"],"vanir_signatures":[{"id":"ASB-A-175686168-0214252e","source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b","signature_version":"v1","target":{"function":"on_l2cap_data_ind","file":"btif/src/btif_sock_l2cap.cc"},"signature_type":"Function","deprecated":false,"digest":{"function_hash":"178160968470936185638320098311249109670","length":1231}},{"id":"ASB-A-175686168-060588d2","source":"https://android.googlesource.com/platform/system/bt/+/ff82e7d429902405e7e0a780f955a5b9ef2d9e1b","signature_version":"v1","target":{"file":"btif/src/btif_sock_l2cap.cc"},"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["232639603431135776560044852476418725891","168916461548729188579484168029015739824","124933438368082664701261495312317559181","316733693649287323913347624274301580166","64953267401263309934326317444384765108","138903504683551870702194073267273907795","184973989303508159385904149340114855909","212825330865716935874456695975242953166"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-175686168.json"}}],"schema_version":"1.7.5"}