CVE-2021-0400
MEDIUMAndroid - Incorrect Emergency Location Reporting via Improper Input Validation
Title source: llmDescription
In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2021-04-01
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
2.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (3)
google/android
9.0
google/android
10.0
google/android
11.0
Published
Apr 13, 2021
Tracked Since
Feb 18, 2026