CVE-2021-25373

Summary

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileCustomization ServiceAndroid O(8.x) < 2.2.02.1affected
Samsung MobileCustomization ServiceAndroid P(9.0) < 2.4.03.0affected
Samsung MobileCustomization ServiceAndroid Q(10.0) < 2.7.02.1affected
Samsung MobileCustomization ServiceAndroid R(11.0) < 2.9.01.1affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References