CVE-2021-0953

HIGH

Android - Privilege Escalation

Title source: llm

Description

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278

References (1)

[Vendor Advisory] https://source.android.com/security/bulletin/2021-12-01

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-281

Status published

Products (4)

google/android 9.0

google/android 10.0

google/android 11.0

google/android 12.0

Published Dec 15, 2021

Tracked Since Feb 18, 2026