{"id":"ASB-A-197536150","details":"In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-197536150","CVE-2021-0918"],"modified":"2026-04-17T15:55:28.020024Z","published":"2021-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/bt/+/4650d4d536be3978fdc436cee3833d443dff9dc7"}],"affected":[{"package":{"name":"platform/system/bt","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2021-11-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/bt/+/1da56d1c815aa4854aa42f721732070333e5e924"],"severity":"Critical","types":["RCE"],"spl":"2021-11-01","vanir_signatures":[{"deprecated":false,"target":{"function":"gatt_process_notification","file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-197536150-5728f832","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"26913781226188133321996820393535727853","length":2039},"source":"https://android.googlesource.com/platform/system/bt/+/1da56d1c815aa4854aa42f721732070333e5e924"},{"deprecated":false,"target":{"file":"stack/gatt/gatt_cl.cc"},"id":"ASB-A-197536150-cac340bf","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["263351727945242443198419910108234088999","215959328734252488538789857605089722536","177314257739948461637375820928899862427","273244160455707977690419984474562053006","3688939122602890828211417145946539869","218562852323977496439307155907225093812","28744823201951060900847204068989041602","184886637897940690416800921108138984227","322897270372358409931080979741386700900","324969063048824274580802445987268853467","99905546778425004443358206112072887364","236008135547716817083878114252528268941","77807959498558541398806755521998180505","49216615266353466593051667309184881851","25946422154328594939622823235039427611","223214443494564033154917232870920751302","273527287006623407176190625645015716315","210535520868327139722747463639456754173","92678986055385520389022625704369976577","256362888509717411703778781977620156684","203108565820699953555115457339783957893","11454444934347358698576907855221095319","224515817879569649994822331150918785956","297585793797960739489230950370041601223","144669473508439479125596821811087021230","143859943361670814156163004842080285498","266628536319323679248287883643312044170","95405965563415794794552108999295640797","64146400298051000994291194842497737603","331105659975516969580227097925127286666","79040732532480894151709892515207405695","182551763619509261787593915462329231863","323954921331896375207921569188563678189","176198377648225326757818059542210719735","117123222244070121711912654173552593600","176823608437112851686876880658303180255","304545390980502696862813090489965282640","164855914625600405914929802739953942173","126789249950179412328225551617687008167","208949767694485105233882983531723465386","182737131842596855602572893298260674736","289362625694009238854380438121294881527","62490829965097358699357724906255895044","231464616497715019551895957321515780992","335440247059468334519619408881895798573","200753983935550736897393171627738280737","62194403501086723688442196410380487797","38259162172126893982782955877788195791","321452225317843180656170827151548267473","64029243776140529983528886840061075494","182216370432332151597401037967625495238","329316262691762984547212998603801297837","116616660018330675260120505943300106776","47871420253682481700673608684239343180","151348780378964413055757106119577724734","14197393302229346368403931393585807209","86263837772706382545263120685471036296","123055670064034706501670025806893759867","339249938651539565175509894371977000731","295884884291823743481271285296777727842","7631527641254190347466381652986983346","303161913086644891347924988498399412021","330689368519576095193604308252422305868"],"threshold":0.9},"source":"https://android.googlesource.com/platform/system/bt/+/1da56d1c815aa4854aa42f721732070333e5e924"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-197536150.json"}}],"schema_version":"1.7.5"}