Missing Initialization of Resource
CVE-2021-0966
Summary
In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-909 - Missing Initialization of Resource
The software does not initialize a critical resource.
References
Advisory Timeline
- Published