Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | *, 10:0, 10 |
| platform | packages/apps/ManagedProvisioning | 10:0, 10, 11:0 |
Timeline
- Jun 1, 2022 CVE Published
- May 15, 2026 CVE Updated
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | *, 10:0, 10 |
| platform | packages/apps/ManagedProvisioning | 10:0, 10, 11:0 |