Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195031703)

Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195031703)

CVE-2021-1021 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703

Learn more about our Cis Benchmark Audit For Google Android.