PT-2022-10980 · Google · Android

Published 2022-03-01 · Updated 2022-07-12 · CVE-2021-39697

CVSS v3.1

7.8 High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-11 through Android-12

Description

The issue is related to a missing permission check in the checkFileUriDestination function of DownloadProvider.java. This could allow bypassing external storage private directories protection, leading to local escalation of privilege. User execution privileges are needed for exploitation, and user interaction is not required.

Recommendations

For Android versions Android-11 through Android-12, consider restricting access to the checkFileUriDestination function of DownloadProvider.java until a patch is available. As a temporary workaround, review and enforce proper permission checks for external storage private directories to minimize the risk of exploitation.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

ASB-A-200813547
CVE-2021-39697

Affected Products

Android