Description
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189
Exploits (1)
nomisec
WRITEUP
by ShaikUsaf · poc
https://github.com/ShaikUsaf/packages_apps_settings_AOSP10_r33_CVE-2021-0481
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2021-05-01
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
18.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (4)
google/android
8.1
google/android
9.0
google/android
10.0
google/android
11.0
Published
Jun 11, 2021
Tracked Since
Feb 18, 2026