In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13" ], "digest": { "length": 45.0, "function_hash": "64862335666524616398601377012350108103" }, "id": "PUB-A-227470877-3748ecad", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/88037e4f5e05807db6c925bc5aeaf01f6276d4f9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/network/ProviderModelSlice.java", "function": "getBackgroundWorkerClass" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "length": 1639.0, "function_hash": "182938360869102536702090534190159001943" }, "id": "PUB-A-227470877-90f54a10", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/88037e4f5e05807db6c925bc5aeaf01f6276d4f9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/network/ProviderModelSlice.java", "function": "getSlice" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "20741715428782949172839944570700361480", "127347408120081777186195359436228801116", "295772450544397982666871347001313709839", "106811892440021254914266515116531562853", "123810973294163477280580869194466616064", "46915905549989514722094856776514639136", "308696907300406639402203287157887306902", "317130395206895879527839019719622109982", "187973733605461320876850578215322993905", "160107659018104972416861561588338033294", "35399368804301531544782259869389590435", "34207970966674348164301538021069847548" ] }, "id": "PUB-A-227470877-cf9f1ff8", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/88037e4f5e05807db6c925bc5aeaf01f6276d4f9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/network/ProviderModelSlice.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/88037e4f5e05807db6c925bc5aeaf01f6276d4f9" ], "spl": "2022-12-01", "severity": "Moderate", "types": [ "EoP" ] }