PT-2022-11072 · Google · Android

Published: 2022-04-01 · Updated: 2022-04-18 · CVE-2021-39797

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-12 through Android-12L

Description

The issue is caused by a logic error in the code of several functions in LauncherApps.java, which could lead to a local escalation of privilege. No additional execution privileges are needed for exploitation, and user interaction is not required.

Recommendations

For Android versions Android-12 through Android-12L, consider restricting access to the vulnerable functions in LauncherApps.java until a patch is available. As a temporary workaround, review the code logic in LauncherApps.java to identify and mitigate potential escalation of privilege vulnerabilities.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ASB-A-209607104
CVE-2021-39797

Affected Products

Android