CVE-2021-25373
First published: Fri Apr 09 2021(Updated: )
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Customization Service | <2.2.02.1 | |
| Google Android | =8.0 | |
| Google Android | =8.1 | |
| Samsung Customization Service | <2.4.03.0 | |
| Google Android | =9.0 | |
| Samsung Customization Service | <2.7.02.1 | |
| Google Android | =10.0 | |
| Samsung Customization Service | <2.9.01.1 | |
| Google Android | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung customization service
- vendor/google
- canonical/google android
- version/google android/8.0
- version/google android/8.1
- version/google android/9.0
- version/google android/10.0
- version/google android/11.0