CVE-2021-0547

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-0547

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-0547.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-0547

Aliases

A-174151048
PUB-A-174151048

Published

2021-06-22T12:15:09.457Z

Modified

2026-03-14T10:37:04.145830Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

References

https://source.android.com/security/bulletin/pixel/2021-06-01

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-0547.json"