CVE-2021-39653

Name of the Vulnerable Software and Affected Versions: Android kernel

Description: The issue allows for local escalation of privilege due to a missing warning to the user, enabling a possible way to boot with a hidden debug policy. This could be exploited by preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations: For Android kernel, consider implementing a warning to the user when booting with a hidden debug policy to prevent local escalation of privilege. As a temporary workaround, restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.