{"id":"ASB-A-356630194","details":"In handlePollingLoopData of hal_fwlog.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-356630194","CVE-2025-0096"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/st/nfc/+/58728fc8363b3b073f1561b253da4a42998fed11"}],"affected":[{"package":{"name":"platform/hardware/st/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-02-01"}]}],"versions":["15-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","id":"ASB-A-356630194-1749863c","deprecated":false,"signature_version":"v1","digest":{"length":2175,"function_hash":"165987197722151145039007725392439655065"},"source":"https://android.googlesource.com/platform/hardware/st/nfc/+/b7056d70f2cdd1596a95048e4ee80b6d91bcb3e0","target":{"file":"st21nfc/hal/hal_fwlog.cc","function":"handlePollingLoopData"}},{"signature_type":"Line","id":"ASB-A-356630194-f240b6c5","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["184901186016634046180835950952564806967","186216076513178507879449714996662973261","126698021011107253298906417944068204446","259331588106946646897741373686426685891"]},"source":"https://android.googlesource.com/platform/hardware/st/nfc/+/b7056d70f2cdd1596a95048e4ee80b6d91bcb3e0","target":{"file":"st21nfc/hal/hal_fwlog.cc"}}],"severity":"High","types":["EoP"],"spl":"2025-02-01","fixes":["https://android.googlesource.com/platform/hardware/st/nfc/+/b7056d70f2cdd1596a95048e4ee80b6d91bcb3e0"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-356630194.json"}},{"package":{"name":"platform/hardware/st/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-02-01"}]}],"versions":["15"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","id":"ASB-A-356630194-2a5c8d54","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["184901186016634046180835950952564806967","186216076513178507879449714996662973261","126698021011107253298906417944068204446","259331588106946646897741373686426685891"]},"source":"https://android.googlesource.com/platform/hardware/st/nfc/+/2c6225e82a0d3d721fb84a3828a9916bc9b7aa89","target":{"file":"st21nfc/hal/hal_fwlog.cc"}},{"signature_type":"Function","id":"ASB-A-356630194-771909bc","deprecated":false,"signature_version":"v1","digest":{"length":2175,"function_hash":"165987197722151145039007725392439655065"},"source":"https://android.googlesource.com/platform/hardware/st/nfc/+/2c6225e82a0d3d721fb84a3828a9916bc9b7aa89","target":{"file":"st21nfc/hal/hal_fwlog.cc","function":"handlePollingLoopData"}}],"severity":"High","types":["EoP"],"spl":"2025-02-01","fixes":["https://android.googlesource.com/platform/hardware/st/nfc/+/2c6225e82a0d3d721fb84a3828a9916bc9b7aa89"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-356630194.json"}}],"schema_version":"1.7.5"}