PUB-A-225880325

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-225880325.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-225880325
Aliases
Published
2023-06-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "276169575704137219128917994707324165520",
                    "137460060081475080984689728290702528221",
                    "291704066036639305880455718053117594415",
                    "6255012745909429095333949435354854817",
                    "242647078241807454506155911856063263481",
                    "306608961743467377607808189881296650327",
                    "229631270803207472754615276098120486104",
                    "287191636278298818584825842869293889583",
                    "31888595337366706956531723006121576952",
                    "143173932057775893701220093386097649134",
                    "47198863766214509817725469600688430334",
                    "157183626186922465489391510091815919411",
                    "338469580446572484562075256366827528556",
                    "269857899925302212207468766583187668682",
                    "133337106788162389884329850122213827800",
                    "84572679067207923247853334518159172760",
                    "148151784164020522653924827259432014964",
                    "174546276379542862106963619416538282006",
                    "890927528617598482935550694935469919",
                    "106040317832502213158094472534618256528",
                    "194707664734134820720499924065287086597",
                    "11733953002999603623800916212443265566",
                    "79243576609489782459462366724559932213",
                    "207776214429458807085715745441981343824",
                    "61013465927815227490925164171710757542",
                    "44245043652942628671458148639210058513",
                    "286977512092561819294676299961573980729"
                ]
            },
            "id": "PUB-A-225880325-2dfe790b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d8572e2747720856ae33bbdf96a15b01981d0720",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "length": 1149.0,
                "function_hash": "37120244188134422738580144792714298022"
            },
            "id": "PUB-A-225880325-866eb1f0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d8572e2747720856ae33bbdf96a15b01981d0720",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
                "function": "updatePermissionTreeSourcePackage"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d8572e2747720856ae33bbdf96a15b01981d0720"
    ],
    "spl": "2023-06-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}