Side Channel Information Disclosure in DevicePolicyManager Allows Package Existence Revelation

Side Channel Information Disclosure in DevicePolicyManager Allows Package Existence Revelation

CVE-2021-39755 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204995407

Learn more about our Cis Benchmark Audit For Google Android.