In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
References
| Link | Resource |
|---|---|
| https://source.android.com/security/bulletin/2023-08-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Dec 2024, 14:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://source.android.com/security/bulletin/2023-08-01 - Patch, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-863 | |
| CPE | cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* |
|
| First Time |
Google android
|
19 Nov 2024, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-11-19 18:15
Updated : 2024-12-18 14:22
NVD link : CVE-2023-21270
Mitre link : CVE-2023-21270
JSON object : View
Products Affected
- android
CWE
CWE-863
Incorrect Authorization
