CVE-2021-0478

HIGH

Android - Privilege Escalation

Description

In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10 Android-11 Android-8.1 Android-9
Android ID: A-169255797

Exploits (2)

gitlab WORKING POC
by Satheesh575555 · poc
https://gitlab.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0478
nomisec WORKING POC
by Satheesh575555 · poc
https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0478

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 2.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-755
Status published

Affected Products (4)

google/android
google/android
google/android
google/android

Timeline

Published Jun 21, 2021
Tracked Since Feb 18, 2026