PT-2021-13353 · Google · Android

Published 2021-11-01 · Updated 2021-12-17 · CVE-2021-0923

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-12

Description

In the createOrUpdate function of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Android version Android-12, consider restricting access to the createOrUpdate function in Permission.java until a patch is available. As a temporary workaround, review and manually verify all permission updates to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ASB-A-195338390
CVE-2021-0923

Affected Products

Android