CVE-2022-20456
26.01.2023, 21:15
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780Enginsight
| Vendor | Product | Version |
|---|---|---|
| android | 10.0 | |
| android | 11.0 | |
| android | 12.0 | |
| android | 12.1 | |
| android | 13.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-770 - Allocation of Resources Without Limits or ThrottlingThe software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
- CWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.