VDB

CVE-2021-28663

CVE-2021-28663 PUBLISHED KEV

In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302616

EPSS 3.62% · 88.0th percentile

Risk Scores

EPSS Score
3.62%
88.0th percentile

Affected Products

VendorProductVersions
n/aAndroidAndroid-11

Timeline

  • May 3, 2021 PoC Published
  • May 4, 2021 CVE Published
  • May 11, 2021 EPSS Score
  • Sep 2, 2021 EPSS Score
  • Sep 14, 2021 EPSS Score
  • Nov 3, 2021 CISA KEV Added
  • Jan 15, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 19, 2022 EPSS Score
  • Sep 20, 2022 EPSS Score
  • Nov 21, 2022 EPSS Score
  • Feb 24, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›