Possible Denial of Service Vulnerability in SubscriptionController.addSubInfo

Possible Denial of Service Vulnerability in SubscriptionController.addSubInfo

CVE-2021-1008 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688

Learn more about our Cis Benchmark Audit For Google Android.