{"api_version":"1","generated_at":"2026-04-23T14:58:11+00:00","cve":"CVE-2021-0547","urls":{"html":"https://cve.report/CVE-2021-0547","api":"https://cve.report/api/cve/CVE-2021-0547.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0547","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0547"},"summary":{"title":"CVE-2021-0547","description":"In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-06-22 12:15:00","updated_at":"2021-06-25 16:09:00"},"problem_types":["CWE-862"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/pixel/2021-06-01","name":"https://source.android.com/security/bulletin/pixel/2021-06-01","refsource":"MISC","tags":[],"title":"Pixel Update Bulletin—June 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0547","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0547","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"547","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0547","qid":"610343","title":"Google Pixel Android June 2021 Security Patch Missing"},{"cve":"CVE-2021-0547","qid":"610358","title":"Google Android July 2021 Security Patch Missing for Huawei EMUI"},{"cve":"CVE-2021-0547","qid":"610366","title":"Google Android September 2021 Security Patch Missing for Samsung"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0547","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/pixel/2021-06-01","url":"https://source.android.com/security/bulletin/pixel/2021-06-01"}]},"description":{"description_data":[{"lang":"eng","value":"In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048"}]}},"nvd":{"publishedDate":"2021-06-22 12:15:00","lastModifiedDate":"2021-06-25 16:09:00","problem_types":["CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"547","Ordinal":"190249","Title":"CVE-2021-0547","CVE":"CVE-2021-0547","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"547","Ordinal":"1","NoteData":"In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048","Type":"Description","Title":null},{"CveYear":"2021","CveId":"547","Ordinal":"2","NoteData":"2021-06-22","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"547","Ordinal":"3","NoteData":"2021-06-22","Type":"Other","Title":"Modified"}]}}}