Vulnerability CVE-2021-0326

Vulnerability Name:

CVE-2021-0326 (CCN-196397)

Assigned:

2020-11-06

Published:

2021-02-02

Updated:

2022-01-04

Summary:

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.9 High (CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787
CWE-120

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-0326

Source: CCN
Type: Red Hat Bugzilla Bug 1925152
(CVE-2021-0326) - CVE-2021-0326 wpa_supplicant: P2P group information processing vulnerability

Source: XF
Type: UNKNOWN
android-cve20210326-code-exec(196397)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210220 [SECURITY] [DLA 2572-1] wpa security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-1a2443baa0

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-defe51d282

Source: CCN
Type: oss-sec Mailing List, Thu, 4 Feb 2021 01:09:32 +0200
wpa_supplicant P2P group information processing vulnerability

Source: CCN
Type: oss-sec Mailing List, Sat, 6 Feb 2021 17:17:57 +0100
Re: wpa_supplicant P2P group information processing vulnerability

Source: CCN
Type: Android Open Source Project
Android Security BulletinFebruary 2021

Source: MISC
Type: Patch, Vendor Advisory
https://source.android.com/security/bulletin/2021-02-01

Source: CCN
Type: Google Web site
Android

Source: DEBIAN
Type: Third Party Advisory
DSA-4898

Vulnerable Configuration:

Configuration 1:

cpe:/o:google:android:8.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:9.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:10.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:11.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/o:google:android:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7829	P	wpa_supplicant-2.10-150500.1.3 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:52004	P	Security update for net-snmp (Moderate)	2023-01-12
oval:org.opensuse.security:def:93150	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3556	P	libXext6-1.3.2-4.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3222	P	libopenssl-devel-1.0.2p-1.13 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94668	P	libnetpbm11-10.80.1-3.11.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94852	P	wpa_supplicant-2.9-4.33.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:93303	P	(Important)	2022-06-16
oval:org.opensuse.security:def:333	P	wpa_supplicant-2.9-4.29.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:386	P	wpa_supplicant-2.9-4.33.1 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:99195	P	(Important)	2022-03-30
oval:org.opensuse.security:def:100099	P	(Moderate)	2022-03-15
oval:org.opensuse.security:def:113587	P	wpa_supplicant-2.9-13.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:5937	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:106973	P	wpa_supplicant-2.9-13.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1262	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)	2021-09-16
oval:org.opensuse.security:def:102198	P	Security update for krb5 (Important)	2021-08-20
oval:org.opensuse.security:def:101381	P	libwsman-devel-2.6.7-3.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:72092	P	wpa_supplicant-2.9-4.29.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62351	P	wpa_supplicant-2.9-4.29.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101109	P	wpa_supplicant-2.9-4.29.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99390	P	(Important)	2021-06-23
oval:com.redhat.rhsa:def:20211686	P	RHSA-2021:1686: wpa_supplicant security, bug fix, and enhancement update (Moderate)	2021-05-18
oval:org.opensuse.security:def:31340	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:59844	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:89241	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:21408	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:55291	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:84720	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:33763	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:28935	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:58079	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:87537	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:51730	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:82675	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:125649	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:31727	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:60449	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:89499	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:23173	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:55846	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:85804	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:34021	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:29468	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:58896	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:88242	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:83230	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:126817	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:32256	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:23742	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:57163	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:86191	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:81100	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:34626	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:30023	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:59586	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:88559	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:54758	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:84262	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:127214	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:33073	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:24016	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:57550	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:86720	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:51161	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:82142	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:111221	P	Security update for wpa_supplicant (Important)	2021-02-13
oval:org.opensuse.security:def:69979	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:8889	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:92245	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:67026	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:9839	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:92997	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:70340	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:97217	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:73767	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:95485	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:9084	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:92440	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:69586	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:99589	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:108047	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:10200	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:70530	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:99000	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:76094	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:9446	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:92639	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:69780	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:99788	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:108864	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:10390	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:8699	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:92050	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:64645	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:9640	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:92838	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:117561	P	Security update for wpa_supplicant (Important)	2021-02-11

BACK