In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157294893
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2020-12-01 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: google_android
Published: 2020-12-15T15:54:41
Updated: 2020-12-15T15:54:41
Reserved: 2019-10-17T00:00:00
Link: CVE-2020-0479
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-15T16:15:13.447
Modified: 2020-12-16T14:51:44.027
Link: CVE-2020-0479
JSON object: View
Redhat Information
No data.
CWE