Insufficient Background Restrictions Allow Background App to Regain Foreground Permissions in Android-11 (A-183147114)

Insufficient Background Restrictions Allow Background App to Regain Foreground Permissions in Android-11 (A-183147114)

CVE-2021-0694 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114

Learn more about our Cis Benchmark Audit For Google Android.