Description
In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103
Exploits (2)
nomisec
WRITEUP
by Trinadh465 · poc
https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2021-0705
nomisec
WRITEUP
by ShaikUsaf · poc
https://github.com/ShaikUsaf/frameworks_base_AOSP10_r33_CVE-2021-0705
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2021-10-01
Scores
CVSS v3
7.8
EPSS
0.0001
EPSS Percentile
1.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
google/android
10.0
google/android
11.0
Published
Oct 22, 2021
Tracked Since
Feb 18, 2026