Vulnerability Details : CVE-2021-0702

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765

Vulnerability category: Information leak

Published 2021-10-22 14:15:08

Updated 2021-10-26 23:02:48

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-0702

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 13 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-0702

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	nvd@nist.gov
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2021-0702

https://source.android.com/security/bulletin/2021-10-01

Android Security Bulletin—October 2021 | Android Open Source Project
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-0702

Google » Android » Version: 11.0
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Matching versions