CVE-2021-0372

Name of the Vulnerable Software and Affected Versions: Android versions Android-11

Description: The issue is related to a possible permission bypass due to an unsafe PendingIntent in the getMediaOutputSliceAction of RemoteMediaSlice.java. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Recommendations: For Android version Android-11, consider restricting the use of the getMediaOutputSliceAction function in RemoteMediaSlice.java to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and restrict any unnecessary use of PendingIntent to prevent potential permission bypass.