Lucene search

GoogleOSV:ASB-A-228450811

HistoryAug 01, 2022 - 12:00 a.m.

Make bluetooth discoverable via SettingsIntelligence#SliceDeepLinkTrampoline

2022-08-0100:00:00

Google

osv.dev

bluetooth

vulnerability

permission bypass

remote escalation

privilege

user interaction

settingsintelligence

slicedeeplinktrampoline

software

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.0%

JSON

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/packages/apps/Settings/+/01b6a6222e5e8cf59e317f4f52df71308bfb8bc5

android.googlesource.com/platform/packages/apps/Settings/+/205752dcf2062eb3deeb7f3b7d1eb8af7d8b2634

source.android.com/security/bulletin/2022-08-01

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

21.0%

JSON

Related for OSV:ASB-A-228450811