CVE-2021-39658

2022-02-1117:40:47

google_android

www.cve.org

unisoc

ismsex service

vulnerability

third-party apps

modify

system properties

android

soc

a-207479207

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service，but it does not check the permissions of the caller，resulting in permission leaks。Third-party apps can use this service to arbitrarily modify and set system properties。Product: AndroidVersions: Android SoCAndroid ID: A-207479207

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android SoC"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2022-02-01