In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "175278434493877219041305268878872093326", "27272561965854949146123458815165972263", "223552482003786354991201828198178774298", "87875702481257780381372651189034741421", "27398525298253817439086317880426186214", "247097726139767068152210776798215643129", "42973832947563651813844174996399787973", "243705358534627401397731811153310912311", "190521588167200224755839801483910998614", "38947201479845264073759646330827678555" ] }, "id": "PUB-A-224770203-4a67ded2", "source": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/561e28af0c3baf6c25c42f7383411bee79139f41", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/telephony/MmsSmsProvider.java" }, "signature_type": "Line" }, { "digest": { "length": 5084.0, "function_hash": "24073405600031326241509208613221419142" }, "id": "PUB-A-224770203-a06dfb12", "source": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/561e28af0c3baf6c25c42f7383411bee79139f41", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/providers/telephony/MmsSmsProvider.java", "function": "query" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/561e28af0c3baf6c25c42f7383411bee79139f41" ], "spl": "2022-12-01", "severity": "Moderate", "types": [ "ID" ] }