{"id":"ASB-A-179687208","details":"In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-179687208","CVE-2021-0473"],"modified":"2026-04-17T15:55:28.020024Z","published":"2021-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/nfc/+/cd0f77f71ff4166529fc22aa7db6c32dbb1d2c1c"}],"affected":[{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-05-01"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/f6e6e9fa1a592a771c52d05a9d46a5d3bb46eb5d"],"vanir_signatures":[{"signature_version":"v1","digest":{"length":1315,"function_hash":"331835450780071697791071812878801902032"},"target":{"function":"rw_t3t_process_error","file":"src/nfc/tags/rw_t3t.c"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/f6e6e9fa1a592a771c52d05a9d46a5d3bb46eb5d","id":"ASB-A-179687208-27b18454"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48838824143632446236877037236074528178","158489585260386727574841500769921195104","259353960661015168626817055514604027761","267746650000938824768428500463841864065","112666906815363815181296324830037308924","35738963624127063264848126022030470008","330075148893387680835890028712673310014","10023128720364774209961067861393403769","176001538401833280057276880369533264385","110810256283591040175383412890861354855","303248564977338149430704383571571724618","272338237097582997122833180151477220768","280604516994264157567664258017009044393","109584102293163842455512220033839730390"]},"target":{"file":"src/nfc/tags/rw_t3t.c"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/system/nfc/+/f6e6e9fa1a592a771c52d05a9d46a5d3bb46eb5d","id":"ASB-A-179687208-3254857e"},{"signature_version":"v1","digest":{"length":519,"function_hash":"235784224533787868329530836861343859246"},"target":{"function":"RW_T3tPoll","file":"src/nfc/tags/rw_t3t.c"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/f6e6e9fa1a592a771c52d05a9d46a5d3bb46eb5d","id":"ASB-A-179687208-62a36e06"},{"signature_version":"v1","digest":{"length":1457,"function_hash":"224806995487466544716519884335005939479"},"target":{"function":"rw_t3t_handle_nci_poll_ntf","file":"src/nfc/tags/rw_t3t.c"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/f6e6e9fa1a592a771c52d05a9d46a5d3bb46eb5d","id":"ASB-A-179687208-cc24e382"}],"severity":"Critical","spl":"2021-05-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179687208.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-05-01"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5"],"vanir_signatures":[{"signature_version":"v1","digest":{"length":1397,"function_hash":"78054425638840194405582966014865418759"},"target":{"function":"rw_t3t_handle_nci_poll_ntf","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-3d700eb4"},{"signature_version":"v1","digest":{"length":1397,"function_hash":"237860602821158846690564185020342835933"},"target":{"function":"rw_t3t_process_error","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-9228701e"},{"signature_version":"v1","digest":{"length":565,"function_hash":"143321360021493887347031546427619378992"},"target":{"function":"RW_T3tPoll","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-9de397e7"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48838824143632446236877037236074528178","158489585260386727574841500769921195104","259353960661015168626817055514604027761","267746650000938824768428500463841864065","112666906815363815181296324830037308924","35738963624127063264848126022030470008","330075148893387680835890028712673310014","10023128720364774209961067861393403769","126605206966651692680010026225088581047","149100766048301950673779974242080684713","303248564977338149430704383571571724618","280604516994264157567664258017009044393","109584102293163842455512220033839730390","245493155317527578911573490782666788664","340231565703278808647740574965523800871"]},"target":{"file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-fe713258"}],"severity":"Critical","spl":"2021-05-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179687208.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-05-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5"],"vanir_signatures":[{"signature_version":"v1","digest":{"length":1397,"function_hash":"237860602821158846690564185020342835933"},"target":{"function":"rw_t3t_process_error","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-39a5ddc1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48838824143632446236877037236074528178","158489585260386727574841500769921195104","259353960661015168626817055514604027761","267746650000938824768428500463841864065","112666906815363815181296324830037308924","35738963624127063264848126022030470008","330075148893387680835890028712673310014","10023128720364774209961067861393403769","126605206966651692680010026225088581047","149100766048301950673779974242080684713","303248564977338149430704383571571724618","280604516994264157567664258017009044393","109584102293163842455512220033839730390","245493155317527578911573490782666788664","340231565703278808647740574965523800871"]},"target":{"file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-3f8229c6"},{"signature_version":"v1","digest":{"length":1397,"function_hash":"78054425638840194405582966014865418759"},"target":{"function":"rw_t3t_handle_nci_poll_ntf","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-56ad6b2b"},{"signature_version":"v1","digest":{"length":565,"function_hash":"143321360021493887347031546427619378992"},"target":{"function":"RW_T3tPoll","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-949d2043"}],"severity":"Critical","spl":"2021-05-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179687208.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-05-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5"],"vanir_signatures":[{"signature_version":"v1","digest":{"length":1397,"function_hash":"237860602821158846690564185020342835933"},"target":{"function":"rw_t3t_process_error","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-268902b8"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48838824143632446236877037236074528178","158489585260386727574841500769921195104","259353960661015168626817055514604027761","267746650000938824768428500463841864065","112666906815363815181296324830037308924","35738963624127063264848126022030470008","330075148893387680835890028712673310014","10023128720364774209961067861393403769","126605206966651692680010026225088581047","149100766048301950673779974242080684713","303248564977338149430704383571571724618","280604516994264157567664258017009044393","109584102293163842455512220033839730390","245493155317527578911573490782666788664","340231565703278808647740574965523800871"]},"target":{"file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-53c8655f"},{"signature_version":"v1","digest":{"length":1397,"function_hash":"78054425638840194405582966014865418759"},"target":{"function":"rw_t3t_handle_nci_poll_ntf","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-6a2d6ba9"},{"signature_version":"v1","digest":{"length":565,"function_hash":"143321360021493887347031546427619378992"},"target":{"function":"RW_T3tPoll","file":"src/nfc/tags/rw_t3t.cc"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/system/nfc/+/16a3bb0b54fb6537abb283a6efadb6dfe53399f5","id":"ASB-A-179687208-fe74e7b2"}],"severity":"Critical","spl":"2021-05-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-179687208.json"}}],"schema_version":"1.7.5"}