CVE-2021-0694Incorrect Authorization in Google Android

CWE-863Incorrect Authorization4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedApr 12
Latest updateApr 13

Description

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/androidAndroid-11
NVDgoogle/android11.0
Androidplatform/frameworks_base11:011:2022-04-01

🔴Vulnerability Details

2
GHSA
GHSA-hg4j-gvwp-3f8g: In setServiceForegroundInnerLocked of ActiveServices2022-04-13
OSV
CVE-2021-0694: In setServiceForegroundInnerLocked of ActiveServices2022-04-01

📋Vendor Advisories

1
Android
CVE-2021-0694: Android Security Bulletin 2022-04-01 CVE: CVE-2021-0694 Severity: HIGH Type: EoP Affected AOSP versions: 11 References: A-1831471142022-04-01
CVE-2021-0694 — Incorrect Authorization in Google | cvebase