CVE-2021-0400

MEDIUM

Android - Incorrect Emergency Location Reporting via Improper Input Validation

Title source: llm
STIX 2.1

Description

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2021-04-01

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 2.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
google/android 9.0
google/android 10.0
google/android 11.0
Published Apr 13, 2021
Tracked Since Feb 18, 2026