In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2023-08-01 |
Configurations
No configuration.
History
20 Nov 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
19 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-19 18:15
Updated : 2024-11-20 17:35
NVD link : CVE-2023-21270
Mitre link : CVE-2023-21270
CVE.ORG link : CVE-2023-21270
JSON object : View
Products Affected
No product.
CWE
CWE-276
Incorrect Default Permissions