PT-2021-13281 · Google · Android

Published: 2021-08-01 · Updated: 2022-07-12 · CVE-2021-0645

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android version 11

Description

The issue is related to a possible permissions bypass in the shouldBlockFromTree function of ExternalStorageProvider.java. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11. No additional execution privileges are needed, but user interaction is required for exploitation.

Recommendations

For Android version 11, update to a version that includes the fix for this issue. Exploitation requires user interaction and could lead to local escalation of privilege.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ASB-A-157320644
CVE-2021-0645

Affected Products

Android