PT-2022-10987 · Google · Android

Published 2022-03-01 · Updated 2022-07-12 · CVE-2021-39706

CVSS v2.0 · 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Android versions Android-10 through Android-12

Description

The issue is related to a missing permission check in the onResume method of CredentialStorage.java. This could allow for the cleanup of credentials storage content, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is necessary for exploitation.

Recommendations

For Android versions Android-10 through Android-12, consider restricting access to sensitive credential storage until a fix is available. As a temporary workaround, avoid using the affected CredentialStorage.java functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization

Related Identifiers

ASB-A-200164168
CVE-2021-39706

Affected Products

Android