CVE-2021-0328 — Missing Authorization in Packages Apps Bluetooth

CWE-862 — Missing Authorization CWE-269 — Improper Privilege Management5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Apps Bluetooth Google Android

Timeline

PublishedFeb 10

Latest updateMay 24

Description

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172670415

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-10 Android-11 Android-8.1 Android-9

▶NVDgoogle/android4 versions+3

▶Androidplatform/packages_apps_bluetooth8.0:0 — 8.0:2021-02-01+4

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-73px-6q8p-4pc2: In onBatchScanReports and deliverBatchScan of GattService↗2022-05-24

▶

CVEList

CVE-2021-0328: In onBatchScanReports and deliverBatchScan of GattService↗2021-02-10

▶

OSV

CVE-2021-0328: In onBatchScanReports and deliverBatchScan of GattService↗2021-02-01

▶

📋Vendor Advisories

Android

CVE-2021-0328: Android Security Bulletin 2021-02-01 CVE: CVE-2021-0328 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2021-02-01

▶