CVE-2021-1021
HIGHAndroid 12 - Local Privilege Escalation via Notification Snooze Input Validation
Title source: llmDescription
In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/pixel/2021-12-01
Scores
CVSS v3
7.3
EPSS
0.0012
EPSS Percentile
2.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
google/android
12.0
Published
Dec 15, 2021
Tracked Since
Feb 18, 2026