CVE-2021-1035

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-12

Description In the setLaunchIntent method of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android versions Android-10 through Android-12, consider restricting access to the BluetoothDevicePickerPreferenceController until a patch is available. As a temporary workaround, disabling the setLaunchIntent method could minimize the risk of exploitation.