PT-2022-10777 · Google+1 · Android Q Sdk+1

Published: 2022-01-19 · Updated: 2022-07-12 · CVE-2021-38788

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Allwinner R818 SoC Android Q SDK version V1.0

Description: The Background service in the affected software is used to manage background applications. Malicious apps can exploit the interface provided by this service to set the number of applications allowed to run in the background to 0 and add themselves to the whitelist. This results in other applications being forcibly stopped by the system once they enter the background, causing a denial of service.

Recommendations: For Allwinner R818 SoC Android Q SDK version V1.0, consider restricting access to the Background service interface to prevent malicious apps from manipulating the background application settings. As a temporary workaround, review and monitor the whitelist for any suspicious additions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2021-38788

Affected Products

Allwinner R818 SoC
Android Q SDK