{"vulnerability": "CVE-2021-3967", "sightings": [{"uuid": "1c550d20-edbd-492d-b8af-0698c91f1a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39675", "type": "published-proof-of-concept", "source": "https://t.me/ckuRED/90", "content": "CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and \"with no additional execution privileges needed,\" as Google puts it. \n\nhttps://source.android.com/security/bulletin/2022-02-01\n\nChange management: https://android.googlesource.com/platform/system/nfc/+/fef77a189022aa7ac53136e582a1444b1d2ef5f0%5E%21/#F0\n\nReference: https://www.theregister.com/2022/02/09/android_security_bulletin/", "creation_timestamp": "2022-02-09T17:42:02.000000Z"}, {"uuid": "983e68ad-1705-4a02-b5dc-3d54a2f88f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39675", "type": "seen", "source": "https://t.me/cyberbannews_ir/5070", "content": "\ud83d\uded1\u0627\u0635\u0644\u0627\u062d \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u062f\u0631 \u0627\u0646\u062f\u0631\u0648\u06cc\u062f 12\n\n\u06af\u0648\u06af\u0644 \u0628\u0627 \u0627\u0646\u062a\u0634\u0627\u0631 \u0622\u067e\u062f\u06cc\u062a \u0627\u0645\u0646\u06cc\u062a\u06cc \u0641\u0648\u0631\u06cc\u0647 2022 \u0627\u0646\u062f\u0631\u0648\u06cc\u062f\u060c \u062f\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u0631\u0627 \u0627\u0635\u0644\u0627\u062d \u06a9\u0631\u062f. \u06cc\u06a9\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0627\u0632 \u0646\u0648\u0639 \u0627\u0631\u062a\u0642\u0627\u0621 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u062f\u062e\u0627\u0644\u062a \u06a9\u0627\u0631\u0628\u0631 \u0646\u06cc\u0627\u0632 \u0646\u062f\u0627\u0631\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc (CVE-2021-39675) \u062a\u0646\u0647\u0627\u060c \u0627\u0646\u062f\u0631\u0648\u06cc\u062f 12 \u0631\u0627 \u062a\u062d\u062a \u0627\u0644\u0634\u0639\u0627\u0639 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f. \n\n#\u0627\u0646\u062f\u0631\u0648\u06cc\u062f\n\n\u2705 \u0628\u06cc\u0634\u062a\u0631 \u0628\u062e\u0648\u0627\u0646\u06cc\u062f:\nhttps://bit.ly/3gAtDpq\n\n@cyberbannews_ir", "creation_timestamp": "2022-02-09T10:35:01.000000Z"}, {"uuid": "ad3e8758-327c-4a91-987f-3985899708d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39675", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/4555", "content": "\u0424\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u0438\u0439 \u043f\u0430\u0442\u0447 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f Android, \u043f\u043e\u043c\u0438\u043c\u043e \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 CVE-2021-39675 \u2014\u00a0\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u044d\u0441\u043a\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c, \u0441\u0442\u0435\u0441\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442 Google \u0432 \u0441\u0432\u043e\u0435\u043c \u043f\u043e\u0441\u0442\u0435:\n\nhttps://source.android.com/security/bulletin/2022-02-01\n\n\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0434\u0435\u0442\u0430\u043b\u0435\u0439 \u043c\u0430\u043b\u043e, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e, \u0432\u0438\u0434\u0438\u043c\u043e, \u043d\u0443\u0436\u043d\u043e \u0434\u0430\u0442\u044c \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c \u0432\u044b\u043a\u0430\u0442\u0438\u0442\u044c \u0430\u043f\u0434\u0435\u0439\u0442 \u0434\u043b\u044f \u0441\u0432\u043e\u0438\u0445 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432. \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u0434\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0440\u0430\u0431\u043e\u0442\u0443 NFC, \u0442\u0430\u043a \u0447\u0442\u043e, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0433\u0434\u0435-\u0442\u043e \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u0442\u0435. \nhttps://android.googlesource.com/platform/system/nfc/+/fef77a189022aa7ac53136e582a1444b1d2ef5f0%5E%21/#F0\n\n\u041a\u0441\u0442\u0430\u0442\u0438, \u0435\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 Pixel 3/3XL, \u0442\u043e \u044d\u0442\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0430\u043f\u0434\u0435\u0439\u0442, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u044d\u0442\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.", "creation_timestamp": "2022-02-09T15:15:00.000000Z"}, {"uuid": "c856ddfe-0a88-41ee-8e46-927360b1d0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39675", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8747", "content": "CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and \"with no additional execution privileges needed,\" as Google puts it. \n\nhttps://source.android.com/security/bulletin/2022-02-01\n\nChange management: https://android.googlesource.com/platform/system/nfc/+/fef77a189022aa7ac53136e582a1444b1d2ef5f0%5E%21/#F0\n\nReference: https://www.theregister.com/2022/02/09/android_security_bulletin/", "creation_timestamp": "2022-02-09T17:42:07.000000Z"}, {"uuid": "7f3bbd3d-737f-49ee-b33a-9b5abde917d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39670", "type": "seen", "source": "https://t.me/cibsecurity/42280", "content": "\u203c CVE-2021-39670 \u203c\n\nIn setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T00:33:09.000000Z"}, {"uuid": "9da86ff4-19ba-4af7-a407-6a0c236a900b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39671", "type": "seen", "source": "https://t.me/cibsecurity/37343", "content": "\u203c CVE-2021-39671 \u203c\n\nIn code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:35:15.000000Z"}, {"uuid": "7be410d3-c151-4c59-8614-904725fb2f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39677", "type": "seen", "source": "https://t.me/cibsecurity/37330", "content": "\u203c CVE-2021-39677 \u203c\n\nIn startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is \u00e2\u20ac\u02dczero\u00e2\u20ac\u2122 in size.Product: AndroidVersions: Android-11Android ID: A-205097028\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:34:54.000000Z"}, {"uuid": "377fd19d-7c0a-4ee3-8ba4-86c16f6975f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-39675", "type": "seen", "source": "https://t.me/cibsecurity/37325", "content": "\u203c CVE-2021-39675 \u203c\n\nIn GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205729183\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T20:34:48.000000Z"}]}