PT-2021-13230 · Google · Android
Published 2021-07-01 · Updated 2022-07-12 · CVE-2021-0588
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Android versions 8.1 through 9
Description:
The issue is a missing permission check in the processInboundMessage function of MceStateMachine.java, which could lead to local information disclosure. This disclosure is possible through SMS and does not require any additional execution privileges or user interaction.
Recommendations:
For Android versions 8.1 through 9, consider restricting access to sensitive information until a patch is available. As a temporary workaround, review and enforce strict permission checks for SMS-related functions to minimize the risk of exploitation.
Weakness Enumeration:
Exposure of Resource to Wrong Sphere
Affected Products:
Android