PT-2021-13288 · Google · Android Kernel

Published

2021-07-14

Updated

2022-07-12

CVE-2021-0654

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a missing permission check in the isRealSnapshot function of TaskThumbnailView.java. This could lead to local information disclosure from locked profiles, and user interaction is required for exploitation. No additional execution privileges are needed.

Recommendations For Android kernel, consider implementing a permission check in the isRealSnapshot function of TaskThumbnailView.java to prevent potential data exposure. As a temporary workaround, restrict access to sensitive information from locked profiles to minimize the risk of exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2021-0654

Affected Products

Android Kernel

PT-2021-13288 · Google · Android Kernel

CVE-2021-0654

Weakness Enumeration

Related Identifiers

Affected Products

References · 2