CVE-2021-0320
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
11/01/2021
Last modified:
13/01/2021
Description
In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-169933423.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page