Lucene search

GoogleOSV:ASB-A-218500036

HistoryNov 01, 2022 - 12:00 a.m.

Unlocking SIM PUK result in unlocking phone directly

2022-11-0100:00:00

Google

osv.dev

sim puk

lockscreen

privilege escalation

user interaction

software vulnerability

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq13
platform/frameworks/baseeq12L
platform/frameworks/baseeq10
platform/frameworks/baseeq12
platform/frameworks/baseeq11

Name	Operator	Version
platform/frameworks/base	eq	13
platform/frameworks/base	eq	12L
platform/frameworks/base	eq	10
platform/frameworks/base	eq	12
platform/frameworks/base	eq	11

References

android.googlesource.com/platform/frameworks/base/+/ecbed81c3a331f2f0458923cc7e744c85ece96da

source.android.com/security/bulletin/2022-11-01

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for OSV:ASB-A-218500036