PUB-A-238745070 — Vulnetix

PUB-A-238745070 PUBLISHED

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13:0, 13, *

Timeline

Dec 1, 2022 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2022-12-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/ea6a06c8e862cabe589cd6f4e2cb5f9672049d61 patch

Open in Interactive Console →