exploitDog

CVE-2021-0694

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114

Ссылки

https://source.android.com/security/bulletin/2022-04-01
Vendor Advisory
https://source.android.com/security/bulletin/2022-04-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.0001

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-hg4j-gvwp-3f8g

CVSS3: 7.8

github

почти 4 года назад

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114

EPSS

Процентиль: 1%

0.0001

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-863