{"id":"ASB-A-180939982","details":"In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-180939982","CVE-2021-0589"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2021-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/fa1c6354aa0fd4af6407e196f0ca6629c5d74ec8"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-07-01"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"],"spl":"2021-07-01","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-180939982-18380d56","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["229649218305656428549971312928355924069","302020453849528639859788595298992076256","329111539459289314853287617962020363517","318226620072315205662574818221075035721","100087434589779038505505906702542202188","130280296058774809801173065708333676216","227120603825068718216275169200270064687","150076396632444464927396083357598623209"]},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Line","target":{"file":"stack/btm/btm_acl.cc"}},{"signature_version":"v1","id":"ASB-A-180939982-2579a72d","deprecated":false,"digest":{"function_hash":"170137943210695062333103982890720332686","length":216},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Function","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_TryAllocateSCN"}},{"signature_version":"v1","id":"ASB-A-180939982-537e823a","signature_type":"Function","digest":{"function_hash":"34207615692176020308457833992444319540","length":183},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_FreeSCN"}}],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-180939982.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-07-01"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"],"spl":"2021-07-01","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-180939982-3192a4b1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["229649218305656428549971312928355924069","302020453849528639859788595298992076256","329111539459289314853287617962020363517","318226620072315205662574818221075035721","100087434589779038505505906702542202188","130280296058774809801173065708333676216","227120603825068718216275169200270064687","150076396632444464927396083357598623209"]},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Line","target":{"file":"stack/btm/btm_acl.cc"}},{"signature_version":"v1","id":"ASB-A-180939982-69987113","deprecated":false,"digest":{"function_hash":"34207615692176020308457833992444319540","length":183},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Function","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_FreeSCN"}},{"signature_version":"v1","id":"ASB-A-180939982-b54b0eae","source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","digest":{"function_hash":"170137943210695062333103982890720332686","length":216},"signature_type":"Function","deprecated":false,"target":{"file":"stack/btm/btm_acl.cc","function":"BTM_TryAllocateSCN"}}],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-180939982.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-07-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"],"spl":"2021-07-01","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-180939982-645e8ba1","deprecated":false,"digest":{"function_hash":"170137943210695062333103982890720332686","length":216},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Function","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_TryAllocateSCN"}},{"signature_version":"v1","id":"ASB-A-180939982-8722f9a6","source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","digest":{"threshold":0.9,"line_hashes":["229649218305656428549971312928355924069","302020453849528639859788595298992076256","329111539459289314853287617962020363517","318226620072315205662574818221075035721","100087434589779038505505906702542202188","130280296058774809801173065708333676216","227120603825068718216275169200270064687","150076396632444464927396083357598623209"]},"signature_type":"Line","deprecated":false,"target":{"file":"stack/btm/btm_acl.cc"}},{"signature_version":"v1","id":"ASB-A-180939982-a8459a99","signature_type":"Function","digest":{"function_hash":"34207615692176020308457833992444319540","length":183},"deprecated":false,"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_FreeSCN"}}],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-180939982.json"}},{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-07-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af"],"spl":"2021-07-01","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-180939982-1aaa3bb6","deprecated":false,"digest":{"function_hash":"34207615692176020308457833992444319540","length":183},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Function","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_FreeSCN"}},{"signature_version":"v1","id":"ASB-A-180939982-451c7e7d","source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","digest":{"threshold":0.9,"line_hashes":["229649218305656428549971312928355924069","302020453849528639859788595298992076256","329111539459289314853287617962020363517","318226620072315205662574818221075035721","100087434589779038505505906702542202188","130280296058774809801173065708333676216","227120603825068718216275169200270064687","150076396632444464927396083357598623209"]},"signature_type":"Line","deprecated":false,"target":{"file":"stack/btm/btm_acl.cc"}},{"signature_version":"v1","id":"ASB-A-180939982-4d888ce6","deprecated":false,"digest":{"function_hash":"170137943210695062333103982890720332686","length":216},"source":"https://android.googlesource.com/platform/system/bt/+/0d93359dbbe99da62528b236ba4a9ab92f06c6af","signature_type":"Function","target":{"file":"stack/btm/btm_acl.cc","function":"BTM_TryAllocateSCN"}}],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-180939982.json"}}],"schema_version":"1.7.5"}