{"api_version":"1","generated_at":"2026-04-23T01:32:15+00:00","cve":"CVE-2021-0932","urls":{"html":"https://cve.report/CVE-2021-0932","api":"https://cve.report/api/cve/CVE-2021-0932.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0932","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0932"},"summary":{"title":"CVE-2021-0932","description":"In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-12-15 19:15:00","updated_at":"2021-12-17 17:50:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2021-11-01","name":"https://source.android.com/security/bulletin/2021-11-01","refsource":"MISC","tags":[],"title":"Android Security Bulletin—November 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0932","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0932","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"932","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0932","qid":"610380","title":"Google Android Devices November 2021 Security Patch Missing"},{"cve":"CVE-2021-0932","qid":"610383","title":"Google Android November 2021 Security Patch Missing for LGE"},{"cve":"CVE-2021-0932","qid":"610388","title":"Google Android December 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0932","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-10"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2021-11-01","url":"https://source.android.com/security/bulletin/2021-11-01"}]},"description":{"description_data":[{"lang":"eng","value":"In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705"}]}},"nvd":{"publishedDate":"2021-12-15 19:15:00","lastModifiedDate":"2021-12-17 17:50:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"932","Ordinal":"190634","Title":"CVE-2021-0932","CVE":"CVE-2021-0932","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"932","Ordinal":"1","NoteData":"In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705","Type":"Description","Title":null},{"CveYear":"2021","CveId":"932","Ordinal":"2","NoteData":"2021-12-15","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"932","Ordinal":"3","NoteData":"2021-12-15","Type":"Other","Title":"Modified"}]}}}