Possible bypass of security and privacy settings in app usage due to unusual root cause in UsageStatsService.java

Possible bypass of security and privacy settings in app usage due to unusual root cause in UsageStatsService.java

CVE-2021-39619 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197399948

Learn more about our Cis Benchmark Audit For Google Android.