CVE-2021-0595

Опубликовано: 06 окт. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096

Ссылки

https://source.android.com/security/bulletin/2021-09-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2021-09-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-3p7p-f85x-q453