A vulnerability was found in Google Android 8.1/9.0/10.0/11.0 (Smartphone Operating System). It has been declared as critical. This vulnerability affects the function avrc_msg_cback of the file avrc_api.cc. Applying a patch is able to eliminate this problem.

Description

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

AndroidVersions

1. Android-11
2. Android-8.1
3. Android-9
4. Android-10
5. Android ID: A-177611958

This vulnerability affects the function avrc_msg_cback of the file avrc_api.cc. The manipulation with an unknown input leads to a memory corruption vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

Base Score: 7.3

Mitigation

Applying a patch is able to eliminate this problem.