CVE-2021-0326
Description
An out-of-bounds write in Android's Wi-Fi Direct P2P component allows remote code execution on devices performing a Wi-Fi Direct search.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in Android's Wi-Fi Direct P2P component allows remote code execution on devices performing a Wi-Fi Direct search.
Vulnerability
In p2p.c, the function p2p_copy_client_info performs an out-of-bounds write due to a missing bounds check. This vulnerability affects Android versions 8.1, 9, 10, and 11. The code path is reachable during a Wi-Fi Direct search when the device communicates with a malicious peer.
Exploitation
An attacker can trigger this by sending a specially crafted Wi-Fi Direct message to a target device that is actively searching for Wi-Fi Direct peers. No user interaction or additional privileges are required. The attack is performed remotely over Wi-Fi.
Impact
Successful exploitation leads to remote code execution in the context of a privileged process, potentially allowing full device compromise. The severity is rated high.
Mitigation
Google released a fix in the Android Security Bulletin for February 2021 [1], with security patch level 2021-02-05. Users should update to this patch level or later. No workaround is available. The vulnerability is not listed on CISA's KEV at the time of writing.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
34- Google/Androiddescription
- Range: 8.1, 9, 10, 11
- osv-coords32 versionspkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Tumbleweedpkg:rpm/suse/wpa_supplicant&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/wpa_supplicant&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2.9-lp152.8.6.1+ 31 more
- (no CPE)range: < 2.9-lp152.8.6.1
- (no CPE)range: < 2.9-13.4
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.9-23.6.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.9-23.6.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.9-4.23.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
- (no CPE)range: < 2.6-15.13.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMHPFCON6ZFCGZXSASJFKQ3UX2UIYMND/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOSA6DZUDLVOCYJNNXD6V3MRBVLCXZFH/mitrevendor-advisoryx_refsource_FEDORA
- www.debian.org/security/2021/dsa-4898mitrevendor-advisoryx_refsource_DEBIAN
- lists.debian.org/debian-lts-announce/2021/02/msg00033.htmlmitremailing-listx_refsource_MLIST
- source.android.com/security/bulletin/2021-02-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.