Name | CVE-2021-39796 |
Description | In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205595291 |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 1009626 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
android-platform-frameworks-base (PTS) | jessie | 21-2 | vulnerable |
| stretch | 1:7.0.0+r33-1 | vulnerable |
| buster | 1:8.1.0+r23-3 | vulnerable |
| bullseye | 1:10.0.0+r36-3 | vulnerable |
| bookworm | 1:10.0.0+r36-10 | vulnerable |
| sid | 1:14~beta1-2 | vulnerable |
The information below is based on the following data on fixed versions.
Notes
https://android.googlesource.com/platform/frameworks/base/+/e74a2a320bf896bc30618ce486203bafe453c469
https://source.android.com/security/bulletin/2022-04-01
No security impact for Android as provided in Debian; not accessible in Debian builds