In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13-next" ], "digest": { "threshold": 0.9, "line_hashes": [ "276169575704137219128917994707324165520", "137460060081475080984689728290702528221", "291704066036639305880455718053117594415", "6255012745909429095333949435354854817", "242647078241807454506155911856063263481", "306608961743467377607808189881296650327", "229631270803207472754615276098120486104", "287191636278298818584825842869293889583", "31888595337366706956531723006121576952", "143173932057775893701220093386097649134", "47198863766214509817725469600688430334", "157183626186922465489391510091815919411", "338469580446572484562075256366827528556", "269857899925302212207468766583187668682", "133337106788162389884329850122213827800", "84572679067207923247853334518159172760", "148151784164020522653924827259432014964", "174546276379542862106963619416538282006", "890927528617598482935550694935469919", "106040317832502213158094472534618256528", "194707664734134820720499924065287086597", "11733953002999603623800916212443265566", "79243576609489782459462366724559932213", "207776214429458807085715745441981343824", "61013465927815227490925164171710757542", "44245043652942628671458148639210058513", "286977512092561819294676299961573980729" ] }, "id": "PUB-A-225880325-2dfe790b", "source": "https://android.googlesource.com/platform/frameworks/base/+/d8572e2747720856ae33bbdf96a15b01981d0720", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java" }, "signature_type": "Line" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 1149.0, "function_hash": "37120244188134422738580144792714298022" }, "id": "PUB-A-225880325-866eb1f0", "source": "https://android.googlesource.com/platform/frameworks/base/+/d8572e2747720856ae33bbdf96a15b01981d0720", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java", "function": "updatePermissionTreeSourcePackage" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/d8572e2747720856ae33bbdf96a15b01981d0720" ], "spl": "2023-06-01", "severity": "Moderate", "types": [ "EoP" ] }