PUB-A-227470877 — Vulnetix

PUB-A-227470877 PUBLISHED

In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13, *, 13:0

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/88037e4f5e05807db6c925bc5aeaf01f6276d4f9 patch

Open in Interactive Console →