PT-2021-13048 · Google · Android

Published: 2021-03-10 · Updated: 2023-08-08 · CVE-2021-0369

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android, version Android-11
Description: The issue is caused by a logic error in CrossProfileAppsServiceImpl.java, which can lead to an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the Settings UI. This could result in local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.
Recommendations: On Android-11, update to a version that includes the fix for the logic error in CrossProfileAppsServiceImpl.java to prevent local escalation of privilege. As a temporary workaround, consider restricting user interaction with the affected Settings UI until a patch is available.

Fix

Related Identifiers

CVE-2021-0369

Affected Products

Android