PUB-A-235601169 — Vulnetix

PUB-A-235601169 PUBLISHED

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13, 13:0, 13

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/8b1e21f92998c85e728a502fe52be23a7e3696ee patch

Open in Interactive Console →