Insecure Default Value in onPackageModified of VoiceInteractionManagerService.java Allows Local Privilege Escalation

Insecure Default Value in onPackageModified of VoiceInteractionManagerService.java Allows Local Privilege Escalation

CVE-2021-0375 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484

Learn more about our Cis Benchmark Audit For Google Android.