Google Android CarSetings elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android CarSetings suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking. An attacker exploits the vulnerability to bypass user consent to pair a BT device, resulting in a...

CVE-2021-39738

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

CVE-2021-39738

CVE-2021-39738 concerns Google Android CarSetings: a missing permission check allows pairing a Bluetooth device without user consent, enabling local elevation of privilege without extra execution privileges. Affected: CarSetings on Android 10, 11, 12, and 12L. Exploitation is described as local w...

CVE-2021-25406

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information...

Information disclosure

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information...

CVE-2021-25406

CVE-2021-25406 affects Gear S Plugin prior to 2.2.05.20122441. The vulnerability is an information exposure where untrusted applications can access information about connected Bluetooth devices via the Gear S Plugin. The sources consistently describe an information disclosure impact but do not pr...

CVE-2021-25406

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information...