CVEs-PoC/2021/CVE-2021-0307.md

### [CVE-2021-0307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0307)
![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Android-10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Android-11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brightgreen)

### Description

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-155648771.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Ghizmoo/DroidSolver
- https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
- https://github.com/TinyNiko/android_bulletin_notes