Improper Input Validation in GnssLocationProvider.java Leads to Incorrect Reporting of Location Data to Emergency Services

Improper Input Validation in GnssLocationProvider.java Leads to Incorrect Reporting of Location Data to Emergency Services

CVE-2021-0400 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690

Learn more about our Cis Benchmark Audit For Google Android.