PUB-A-232798363 — Vulnetix

PUB-A-232798363 PUBLISHED

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13, *, 13:0

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/5f421125abcdc78c73ef4af3da68ab623d2d95db patch

Open in Interactive Console →