ASB-A-162627132 — Vulnetix

ASB-A-162627132 PUBLISHED

In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	11, *, 11:0

Timeline

Dec 1, 2020 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2020-12-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d patch
https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be patch

Open in Interactive Console →