2 matches found
CVE-2021-0398
In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...
CVE-2021-0398
CVE-2021-0398 describes a local EoP in Android 11 where ActiveServices.bindServiceLocked could allow a confused deputy to launch a foreground service, requiring no user interaction. The vulnerability is rooted in bindServiceLocked in ActiveServices.java, with the potential to elevate privileges w...