CVE-2021-1015 — Observable Discrepancy in Google Android

CWE-203 — Observable Discrepancy5 documents4 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 98.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Services Telephony Google Android

Timeline

PublishedDec 15

Latest updateApr 20

Description

In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5google/androidAndroid-12

▶NVDgoogle/android12.0

▶Androidplatform/packages_services_telephony12:0 — 12:2021-12-01

🔴Vulnerability Details

OSV

linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities↗2022-04-20

▶

GHSA

GHSA-h42c-m8vj-q7px: In getMeidForSlot of PhoneInterfaceManager↗2021-12-16

▶

CVEList

CVE-2021-1015: In getMeidForSlot of PhoneInterfaceManager↗2021-12-15

▶

OSV

CVE-2021-1015: In getMeidForSlot of PhoneInterfaceManager↗2021-12-01

▶