VDB
ASB-A-231496105
ASB-A-231496105
PUBLISHED
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | frameworks/base | *, 12:0, 12 |
| platform | packages/modules/Wifi | 12:0, 12, 12L |
Timeline
- Dec 1, 2022 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2022-12-01 advisory
- https://android.googlesource.com/platform/frameworks/base/+/61c2d0291bd5b9b39a1d7db7454b3d7c630e7de9 patch
- https://android.googlesource.com/platform/frameworks/base/+/cad40dc9b13596b85df5a41b25fc07c0854dc65a patch
- https://android.googlesource.com/platform/frameworks/base/+/530407c903c3b06c6bd0a423937531f95eb116ae patch
- https://android.googlesource.com/platform/packages/modules/Wifi/+/bb99dc7a9e5c6b14f672ee12c6e4093803b8b915 patch