VDB-190563 · CVE-2021-39627 · A-185126549

Google Android 9.0/10.0/11.0/12.0 LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission

A vulnerability was found in Google Android 9.0/10.0/11.0/12.0 (Smartphone Operating System). It has been classified as critical. This affects the function sendLegacyVoicemailNotification of the file LegacyModeSmsHandler.java. Applying a patch is able to eliminate this problem.

Field	01/15/2022 08:09 AM	01/19/2022 02:24 PM
vendor	Google	Google
name	Android	Android
version	9.0/10.0/11.0/12.0	9.0/10.0/11.0/12.0
file	LegacyModeSmsHandler.java	LegacyModeSmsHandler.java
function	sendLegacyVoicemailNotification	sendLegacyVoicemailNotification
cwe	275 (privilege escalation)	275 (privilege escalation)
risk	2	2
cvss3_vuldb_av	L	L
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
identifier	A-185126549	A-185126549
url	https://source.android.com/security/bulletin/2022-01-01	https://source.android.com/security/bulletin/2022-01-01
name	Patch	Patch
cve	CVE-2021-39627	CVE-2021-39627
cve_assigned	1629669600	1629669600
date	1642201200 (01/15/2022)	1642201200 (01/15/2022)
type	Smartphone Operating System	Smartphone Operating System
cvss2_vuldb_av	L	L
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	4.3	4.3
cvss2_vuldb_tempscore	3.7	3.7
cvss3_vuldb_basescore	5.3	5.3
cvss3_vuldb_tempscore	5.1	5.1
cvss3_meta_basescore	5.3	5.3
cvss3_meta_tempscore	5.1	5.1
price_0day	$25k-$100k	$25k-$100k
price_trend	+	+
cve_nvd_summary		In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!