CVE-2021-1008Google Android vulnerability

5 documents5 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 97.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks OPT TelephonyGoogle Android
Timeline
PublishedDec 15
Latest updateDec 16

Description

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-12
NVDgoogle/android12.0
Androidplatform/frameworks_opt_telephony12:012:2021-12-01

🔴Vulnerability Details

3
GHSA
GHSA-96j7-8ppq-5hjv: In addSubInfo of SubscriptionController2021-12-16
CVEList
CVE-2021-1008: In addSubInfo of SubscriptionController2021-12-15
OSV
CVE-2021-1008: In addSubInfo of SubscriptionController2021-12-01

💥Exploits & PoCs

1
Nuclei
XStream <1.4.16 - Remote Code Execution
CVE-2021-1008 — Google Android vulnerability | cvebase