CVE-2021-1003

Name of the Vulnerable Software and Affected Versions Android versions Android-12

Description The issue is related to a confused deputy in the adjustStreamVolume method of AudioService.java, allowing an unprivileged app to change the audio stream volume. This could lead to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-12, consider restricting access to the adjustStreamVolume method in AudioService.java to prevent unprivileged apps from changing the audio stream volume until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.