In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
android.googlesource.com/platform/frameworks/base/+/1c1bc30ce345f770de44b4348420e860d0958534
android.googlesource.com/platform/frameworks/base/+/5aba70130d3539fc77cfdfb4b550d8e86acd8a60
android.googlesource.com/platform/frameworks/base/+/a13fc7f314ac56e75eca09c94db8090f928023ff
android.googlesource.com/platform/frameworks/opt/telephony/+/640387d310ce6fdfa71f606744eb903bedba57ce
android.googlesource.com/platform/frameworks/opt/telephony/+/7dfee2e7c3f762d069b8c606f8591498f109ff3e
android.googlesource.com/platform/frameworks/opt/telephony/+/93d5117cf5f528ec7ed74b4fe2df7ae7e2d207ff
android.googlesource.com/platform/frameworks/opt/telephony/+/9c392805dc4c5d5c9a95a5dec9c7f65130cd8173
android.googlesource.com/platform/frameworks/opt/telephony/+/f587f04d306f2faa9e102d9e2de87a403a48638e
android.googlesource.com/platform/packages/providers/ContactsProvider/+/129cc56868dfc198de41909ff9d6c542a84a4c21
source.android.com/security/bulletin/2021-09-01