CVE-2020-27039

Name of the Vulnerable Software and Affected Versions Android versions Android-11

Description The issue is related to a possible permission bypass due to an unsafe PendingIntent in the postNotification of ServiceRecord.java. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-11, consider restricting access to the postNotification function in ServiceRecord.java to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit the use of PendingIntent to prevent potential permission bypass.