Security Advisory

CVE-2021-0979

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-15 18:06:19

Last updated 2024-08-03 15:55:17

Assigner google_android

State PUBLISHED

Description

In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191772737

← Browse all CVEs View on cve.org ↗