CVE-2021-0336

Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11

Description: The issue is related to a possible permissions bypass due to a mutable PendingIntent in the onReceive of BluetoothPermissionRequest.java. This could lead to local escalation of privilege, bypassing a permission check, with User execution privileges needed. User interaction is not needed for exploitation.

Recommendations: For Android versions Android-8.1 through Android-11, consider restricting access to the BluetoothPermissionRequest.java module to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the use of mutable PendingIntents in the onReceive function may help mitigate the issue.