In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154928507
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27041
Reference (s):
- https://source.android.com/security/bulletin/pixel/2020-12-01
- URL: https://source.android.com/security/bulletin/pixel/2020-12-01