{"api_version":"1","generated_at":"2026-04-23T02:37:36+00:00","cve":"CVE-2021-0338","urls":{"html":"https://cve.report/CVE-2021-0338","api":"https://cve.report/api/cve/CVE-2021-0338.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0338","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0338"},"summary":{"title":"CVE-2021-0338","description":"In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-02-10 17:15:00","updated_at":"2022-06-28 14:11:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2021-02-01","name":"https://source.android.com/security/bulletin/2021-02-01","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"Android Security Bulletin—February 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0338","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0338","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"338","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"338","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"338","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"338","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0338","qid":"610317","title":"Google Android Devices February 2021 Security Patch Missing"},{"cve":"CVE-2021-0338","qid":"610318","title":"Google Android February 2021 Security Patch Missing for Huawei EMUI"},{"cve":"CVE-2021-0338","qid":"610319","title":"Google Android February 2021 Security Patch Missing for LGE"},{"cve":"CVE-2021-0338","qid":"610320","title":"Google Android February 2021 Security Patch Missing for Samsung"},{"cve":"CVE-2021-0338","qid":"610330","title":"Google Android April 2021 Security Patch Missing for Samsung"},{"cve":"CVE-2021-0338","qid":"610332","title":"Google Android April 2021 Security Patch Missing for LGE"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0338","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-10 Android-11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of service"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2021-02-01","url":"https://source.android.com/security/bulletin/2021-02-01"}]},"description":{"description_data":[{"lang":"eng","value":"In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178"}]}},"nvd":{"publishedDate":"2021-02-10 17:15:00","lastModifiedDate":"2022-06-28 14:11:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":4.9},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"338","Ordinal":"190040","Title":"CVE-2021-0338","CVE":"CVE-2021-0338","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"338","Ordinal":"1","NoteData":"In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178","Type":"Description","Title":null},{"CveYear":"2021","CveId":"338","Ordinal":"2","NoteData":"2021-02-10","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"338","Ordinal":"3","NoteData":"2021-02-10","Type":"Other","Title":"Modified"}]}}}