Insecure Default Value in onPackageModified of VoiceInteractionManagerService.java Allows Local Privilege Escalation
CVE-2021-0375 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484
Learn more about our Cis Benchmark Audit For Google Android.