CVE-2021-39700 — Sensitive Information Exposure in Google Android

5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 96.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System Sepolicy Google Android

Timeline

PublishedMay 10

Latest updateMay 11

Description

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201645790

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/androidAndroid-10 Android-11 Android-12

▶NVDgoogle/android10.0, 11.0, 12.0+2

▶Androidplatform/system_sepolicy10:0 — 10:2022-05-01+2

🔴Vulnerability Details

GHSA

GHSA-6h5g-3wf4-mh8w: In the policies of adbd↗2022-05-11

▶

CVEList

CVE-2021-39700: In the policies of adbd↗2022-05-10

▶

OSV

CVE-2021-39700: In the policies of adbd↗2022-05-01

▶

📋Vendor Advisories

Android

CVE-2021-39700: Android Security Bulletin 2022-05-01 CVE: CVE-2021-39700 Severity: MEDIUM Type: ID Affected AOSP versions: 10, 11, 12 References: A-201645790↗2022-05-01

▶