In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

2020-11-0100:00:00

Google

osv.dev

beamtransfermanager

pendingintent

information disclosure

user execution privileges

local exploit

software

EPSS

Percentile

5.1%

Bulletin has no description

References

android.googlesource.com/platform/packages/apps/Nfc/+/a169b94cd130c88df3e5185edeffff6fe1bae2a0

source.android.com/security/bulletin/2020-11-01#2020-11-01-security-patch-level-vulnerability-details

EPSS

Percentile

5.1%

Related for OSV:ASB-A-159060474