CVE-2021-39706
HIGHAndroid - Local Privilege Escalation via CredentialStorage Cleanup
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-39706. PoCs published by Trinadh465.
AI-analyzed exploit summary This repository contains source code files from the Android Open Source Project (AOSP) Settings app, specifically targeting CVE-2021-39706. The files appear to be part of a vulnerability analysis or patch diff, focusing on the Settings application components. No exploit code is present, but the files provide technical context for the vulnerability.
Description
In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168
Exploits (1)
This repository contains source code files from the Android Open Source Project (AOSP) Settings app, specifically targeting CVE-2021-39706. The files appear to be part of a vulnerability analysis or patch diff, focusing on the Settings application components. No exploit code is present, but the files provide technical context for the vulnerability.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H