In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Android | 10.0 (including) | 10.0 (including) | |
Android | 11.0 (including) | 11.0 (including) | |
Android | 12.0 (including) | 12.0 (including) | |
Android | 12.1 (including) | 12.1 (including) |