CVE-2021-39663
published 2022-02-11CVE-2021-39663: In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_providers_mediaprovider | >= 10:0 < 10:2022-02-01 | 10:2022-02-01 |