In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2023-08-01 |
History
Wed, 18 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* |
Wed, 20 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Google
Google android |
|
Weaknesses | CWE-276 | |
CPEs | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
Vendors & Products |
Google
Google android |
|
Metrics |
cvssV3_1
|
Tue, 19 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2024-11-19T18:00:47.701Z
Updated: 2024-11-20T16:35:48.663Z
Reserved: 2022-11-03T22:37:50.654Z
Link: CVE-2023-21270
Vulnrichment
Updated: 2024-11-20T16:35:40.257Z
NVD
Status : Analyzed
Published: 2024-11-19T18:15:19.253
Modified: 2024-12-18T14:22:02.343
Link: CVE-2023-21270
Redhat
No data.