CVE-2021-0467 - In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. Thi

CVE-2021-0467

Summary

In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-174490700

References

https://source.android.com/security/bulletin/2021-05-01

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 22-06-2021 - 20:49)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

Last major update

22-06-2021 - 20:49

Published

14-06-2021 - 20:15

Last modified

22-06-2021 - 20:49