Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | 8.0:0, 8.0, 8.1:0 |
Timeline
- Jan 1, 2021 CVE Published
- May 15, 2026 CVE Updated
In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation.
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | 8.0:0, 8.0, 8.1:0 |