CVE-2021-0643

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-12

Description In the getAllSubInfoList function of SubscriptionController.java, a missing permission check allows for the retrieval of a long-term identifier without the correct permissions. This could lead to local information disclosure, requiring User execution privileges. No user interaction is needed for exploitation.

Recommendations For Android versions Android-10 through Android-12, apply the necessary permission checks to the getAllSubInfoList function in SubscriptionController.java to prevent unauthorized access to long-term identifiers. As a temporary workaround, consider restricting access to sensitive information handled by the SubscriptionController.java until a proper fix is implemented.