CVE-2021-0317

2021-01-1121:47:38

google_android

www.cve.org

logic error

local escalation

user interaction

android-10

android-11

android-8.0

android-8.1

android-9

EPSS

Percentile

15.9%

JSON

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670.

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-10"
      },
      {
        "status": "affected",
        "version": "Android-11"
      },
      {
        "status": "affected",
        "version": "Android-8.0"
      },
      {
        "status": "affected",
        "version": "Android-8.1"
      },
      {
        "status": "affected",
        "version": "Android-9"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2021-01-01

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2021-0317