{"api_version":"1","generated_at":"2026-04-23T03:06:38+00:00","cve":"CVE-2021-0956","urls":{"html":"https://cve.report/CVE-2021-0956","api":"https://cve.report/api/cve/CVE-2021-0956.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0956","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0956"},"summary":{"title":"CVE-2021-0956","description":"In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-12-15 19:15:00","updated_at":"2021-12-20 15:13:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2021-12-01","name":"https://source.android.com/security/bulletin/2021-12-01","refsource":"MISC","tags":[],"title":"Android Security Bulletin—December 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0956","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0956","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"956","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"956","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0956","qid":"610385","title":"Google Android December 2021 Security Patch Missing for Samsung"},{"cve":"CVE-2021-0956","qid":"610386","title":"Google Android Devices December 2021 Security Patch Missing"},{"cve":"CVE-2021-0956","qid":"610387","title":"Google Android December 2021 Security Patch Missing for LGE"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0956","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-11 Android-12"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2021-12-01","url":"https://source.android.com/security/bulletin/2021-12-01"}]},"description":{"description_data":[{"lang":"eng","value":"In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532"}]}},"nvd":{"publishedDate":"2021-12-15 19:15:00","lastModifiedDate":"2021-12-20 15:13:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"956","Ordinal":"190658","Title":"CVE-2021-0956","CVE":"CVE-2021-0956","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"956","Ordinal":"1","NoteData":"In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532","Type":"Description","Title":null},{"CveYear":"2021","CveId":"956","Ordinal":"2","NoteData":"2021-12-15","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"956","Ordinal":"3","NoteData":"2021-12-15","Type":"Other","Title":"Modified"}]}}}