VDB

ASB-A-154505240

ASB-A-154505240 PUBLISHED

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

VendorProductVersions
platformframeworks/base10:0, 10, 11:0

Timeline

  • Jan 1, 2021 CVE Published
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›