CVE Vulnerabilities

CVE-2021-0953

Improper Preservation of Permissions

Published: Dec 15, 2021 | Modified: Dec 20, 2021
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

Name Vendor Start Version End Version
Android Google 9.0 (including) 9.0 (including)
Android Google 10.0 (including) 10.0 (including)
Android Google 11.0 (including) 11.0 (including)
Android Google 12.0 (including) 12.0 (including)

References