CVE-2021-0336
HIGH
Android 8.1-11 - Local Privilege Escalation via Mutable PendingIntent in BluetoothPermissionRequest
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-0336. PoCs published by Trinadh465.
AI-analyzed exploit summary: This repository contains source code files from the Android Open Source Project (AOSP) Settings app, specifically for AOSP10 r33, which is associated with CVE-2021-0336. The files appear to be part of a technical analysis or patch review, as they include modified or vulnerable components such as ActivityPicker and other Settings-related classes.
Description
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-9 Android-10 Android-11 Android-8.1
Android ID: A-158219161
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H