PT-2022-10978 · Google · Android

Published

2022-03-01

Updated

2022-03-23

CVE-2021-39695

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-11

Description A logic error in the createOrUpdate function of BasePermission.java can lead to a permission bypass, potentially resulting in local escalation of privilege. This issue requires User execution privileges and does not need user interaction for exploitation.

Recommendations For Android version Android-11, consider restricting access to the createOrUpdate function of BasePermission.java until a patch is available. As a temporary workaround, review and adjust permission settings to minimize the risk of exploitation.

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

ASB-A-209607944

CVE-2021-39695

Affected Products

Android

PT-2022-10978 · Google · Android

CVE-2021-39695

Weakness Enumeration

Related Identifiers

Affected Products

References · 6