Unsafe PendingIntent in showNotification of NavigationModeController.java allows for local escalation of privilege

Unsafe PendingIntent in showNotification of NavigationModeController.java allows for local escalation of privilege

CVE-2021-0932 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705

Learn more about our Cis Benchmark Audit For Google Android.