CVE-2021-0932

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a possible confused deputy due to an unsafe PendingIntent in the showNotification function of NavigationModeController.java. This could lead to local escalation of privilege, allowing actions to be performed as the System UI with User execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android version Android-10, consider restricting the use of the showNotification function in NavigationModeController.java until a patch is available. As a temporary workaround, review and limit the use of PendingIntent to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.