PT-2022-10927 · Google · Android

Published 2022-02-01 · Updated 2022-07-12 · CVE-2021-39619

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-11 through Android-12

Description

In the updatePackageMappingsData function of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Android versions Android-11 through Android-12, consider restricting access to the updatePackageMappingsData function in UsageStatsService.java to minimize the risk of exploitation. As a temporary workaround, disabling the updatePackageMappingsData function until a patch is available may help mitigate the issue.

Fix

Related Identifiers

ASB-A-197399948
CVE-2021-39619

Affected Products

Android