CVE-2021-39675, is present in the mobile OS’s System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and “with no additional execution privileges needed,” as Google puts it.
https://source.android.com/security/bulletin/2022-02-01
Change management: https://android.googlesource.com/platform/system/nfc/+/fef77a189022aa7ac53136e582a1444b1d2ef5f0%5E%21/#F0
Reference: https://www.theregister.com/2022/02/09/android_security_bulletin/
https://t.me/cKure/10686