CVE-2021-0388

HIGH

Android 11 - Missing Authorization in ImsPhoneCallTracker Broadcast Handler

Title source: llm
STIX 2.1

Description

In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/pixel/2021-03-01

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 1.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
google/android 11.0
Published Mar 10, 2021
Tracked Since Feb 18, 2026