Lucene search

GoogleOSV:ASB-A-253043495

HistoryAug 01, 2023 - 12:00 a.m.

[Bug 3 of 7] Google Pixel Smartphone [FRP]Factory Reset Protection bypass (OS Version = android 13) - 3. The YouTube application is not needed during provisioning/SUW/FRP

2023-08-0100:00:00

Google

osv.dev

google pixel

factory reset protection

android 13

vulnerability

privilege escalation

physical access

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/modules/permissioneq12
platform/packages/modules/permissioneq13
platform/packages/modules/permissioneq12L

Name	Operator	Version
platform/packages/modules/permission	eq	12
platform/packages/modules/permission	eq	13
platform/packages/modules/permission	eq	12L

References

android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453

source.android.com/security/bulletin/2023-08-01

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for OSV:ASB-A-253043495