#VU61095 Buffer overflow in Google Android - CVE-2021-39685
Published: March 8, 2022 / Updated: March 8, 2022
Vulnerability identifier: #VU61095
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2021-39685
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a malicious host to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the USB subsystem in Linux kernel. A malicious USB device can trigger memory corruption and execute arbitrary code on the system.
Remediation
Install updates from vendor's website.
External links
- https://source.android.com/security/bulletin/2022-03-01#details-05
- https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de
- https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5
- https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88