CVE-2021-39630

Name of the Vulnerable Software and Affected Versions Android versions Android-12

Description In the executeRequest method of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-12, consider restricting access to the OverlayManagerService until a patch is available. As a temporary workaround, avoid using the executeRequest method in OverlayManagerService.java to minimize the risk of exploitation.