CVE-2021-0547

Name of the Vulnerable Software and Affected Versions: Android version Android-11

Description: In the onReceive method of NetInitiatedActivity.java, a missing permission check allows an attacker-controlled value to be supplied to a GPS HAL handler. This could lead to local escalation of privilege, resulting in undefined behavior in some HAL implementations without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations: For Android version Android-11, apply the necessary patch to fix the missing permission check in NetInitiatedActivity.java to prevent supplying attacker-controlled values to the GPS HAL handler. As a temporary workaround, consider restricting access to the GPS HAL handler until a patch is available.