Improper Input Validation in createNotificationChannelGroup of PreferencesHelper.java Allows Service to Run in Foreground Without User Notification

Improper Input Validation in createNotificationChannelGroup of PreferencesHelper.java Allows Service to Run in Foreground Without User Notification

CVE-2021-39808 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086

Learn more about our Cis Benchmark Audit For Google Android.