CVE-2021-0510: 
NixOS vulnerability analysis and mitigation

In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds write vulnerability due to an integer overflow (CVE-2021-0510). This vulnerability affects Android versions 8.1, 9, 10, and 11. The vulnerability was discovered and assigned in November 2020 and publicly disclosed in June 2021 (NVD, CVE).

The vulnerability is classified with CWE-787 (Out-of-bounds Write) and CWE-190 (Integer Overflow or Wraparound). It has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, low privileges required, no user interaction needed, and high impacts on confidentiality, integrity, and availability (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation, making it particularly dangerous as it could allow attackers to gain elevated system access (NVD).

Google has addressed this vulnerability in the Android Security Bulletin for June 2021. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).