CVE-2021-0641

Name of the Vulnerable Software and Affected Versions Android versions Android-8.1 through Android-11

Description The issue is related to a missing permission check in the getAvailableSubscriptionInfoList function of SubscriptionController.java. This could lead to the disclosure of unique identifiers, resulting in local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions Android-8.1 through Android-11, consider restricting access to the getAvailableSubscriptionInfoList function of SubscriptionController.java until a patch is available. As a temporary workaround, disabling the getAvailableSubscriptionInfoList function can help minimize the risk of exploitation.