GoogleOSV:ASB-A-231496105Investigate how Phone Services is breaking through AppOps restrictions
2.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| platform/packages/modules/wifi | eq | 12L | |
| platform/frameworks/base | eq | 12L | |
| platform/packages/modules/wifi | eq | 12 | |
| platform/frameworks/base | eq | 12 |
References
android.googlesource.com/platform/frameworks/base/+/530407c903c3b06c6bd0a423937531f95eb116ae
android.googlesource.com/platform/frameworks/base/+/61c2d0291bd5b9b39a1d7db7454b3d7c630e7de9
android.googlesource.com/platform/frameworks/base/+/cad40dc9b13596b85df5a41b25fc07c0854dc65a
android.googlesource.com/platform/packages/modules/Wifi/+/bb99dc7a9e5c6b14f672ee12c6e4093803b8b915
source.android.com/security/bulletin/2022-12-01
Related
2.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%