In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "256344392036311097711604487242339670875", "274057428375888562584514121329737596111", "145652496039882957379333952445927871354", "97688537567720862757721685389724416698", "309995359751551295309347655795310159722", "277424418945787746687653911383464672150", "195688365078966035571348089285859865348", "10781820767013119213797397001269340647" ] }, "id": "ASB-A-156123285-13ae36f5", "source": "https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/location/GnssVisibilityControl.java" }, "signature_type": "Line" }, { "digest": { "length": 713.0, "function_hash": "291218029368438934464636682503493167444" }, "id": "ASB-A-156123285-c2635537", "source": "https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/location/GnssVisibilityControl.java", "function": "createEmergencyLocationUserNotification" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050" ], "spl": "2020-09-01", "severity": "High", "types": [ "EoP" ] }