GSD-2023-20971 — Vulnetix

GSD-2023-20971 PUBLISHED CVSS 7.800000190734863 HIGH

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Google	Android	14, 13, 12L

Timeline

Mar 13, 2023 CVE Published

References

https://android.googlesource.com/platform/frameworks/base/+/6c22d6c1e69676c5c68d21928aa5486bfd1bd131 url
https://source.android.com/security/bulletin/2024-08-01 url
https://source.android.com/security/bulletin/pixel/2023-06-01 url

Open in Interactive Console →