In rebootRecoveryWithCommand of RecoverySystemService.java, there is a possible way to bypass a factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/platform/system/sepolicy/+/d157988ec5b5f057894fe7ff785f163291d9d767", "https://android.googlesource.com/platform/system/sepolicy/+/ca6c75b9572904b0bd8f9d06c8aff2f85e73e30e" ], "spl": "2024-09-01", "severity": "High", "types": [ "EoP" ] }