CVE-2021-0466

Name of the Vulnerable Software and Affected Versions: Android versions Android-10

Description: The issue is related to a possible identifier in the startIpClient of ClientModeImpl.java that could be used to track a device, leading to remote information disclosure to a proximal attacker. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations: For Android version Android-10, consider restricting access to sensitive device information to minimize the risk of exploitation. As a temporary workaround, review and limit the use of identifiers in the ClientModeImpl.java until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.