{"api_version":"1","generated_at":"2026-04-23T02:58:08+00:00","cve":"CVE-2021-0375","urls":{"html":"https://cve.report/CVE-2021-0375","api":"https://cve.report/api/cve/CVE-2021-0375.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0375","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0375"},"summary":{"title":"CVE-2021-0375","description":"In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-03-10 16:15:00","updated_at":"2021-03-12 18:25:00"},"problem_types":["CWE-330"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/pixel/2021-03-01","name":"https://source.android.com/security/bulletin/pixel/2021-03-01","refsource":"MISC","tags":["Vendor Advisory"],"title":"Pixel Update Bulletin—March 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0375","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0375","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"375","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"375","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0375","qid":"610321","title":"Google Pixel Android March 2021 Security Patch Missing"},{"cve":"CVE-2021-0375","qid":"610341","title":"Google Android May 2021 Security Patch Missing for LGE"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0375","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/pixel/2021-03-01","url":"https://source.android.com/security/bulletin/pixel/2021-03-01"}]},"description":{"description_data":[{"lang":"eng","value":"In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484"}]}},"nvd":{"publishedDate":"2021-03-10 16:15:00","lastModifiedDate":"2021-03-12 18:25:00","problem_types":["CWE-330"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"375","Ordinal":"190077","Title":"CVE-2021-0375","CVE":"CVE-2021-0375","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"375","Ordinal":"1","NoteData":"In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484","Type":"Description","Title":null},{"CveYear":"2021","CveId":"375","Ordinal":"2","NoteData":"2021-03-10","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"375","Ordinal":"3","NoteData":"2021-03-10","Type":"Other","Title":"Modified"}]}}}