CVE-2023-21270
19.11.2024, 18:15
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Enginsight
| Vendor | Product | Version |
|---|---|---|
| android | 12.0 | |
| android | 12.1 | |
| android | 13.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.