3 matches found
ASB-A-228314987
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-39807
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed...
CVE-2021-39807
CVE-2021-39807 describes a local elevation-of-privilege flaw in Android’s SecureNfcEnabler.java (handleNfcStateChanged) that allows enabling NFC from a Guest account due to a missing permission check. Affected products/versions include Android 10, 11, 12, and 12L. The impact is local privilege es...