ASB-A-242537498 — Vulnetix

ASB-A-242537498 PUBLISHED CVSS 8.600000381469727 HIGH

In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	frameworks/base	13-next:0, 13-next, 11:0

Exploit Intelligence

Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20911 (github-poc)

Timeline

Mar 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-03-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/1d86c8b29922525972559e00e26c1fcd6f496353 patch

Open in Interactive Console →