In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOWCONTENTCAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13-next" ], "digest": { "length": 166.0, "function_hash": "258326527094683490707070192044831391883" }, "id": "PUB-A-250573776-5b7f6683", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/a1ca72224da3a87d3117e764dfea35e03f62a182", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/privacy/EnableContentCapturePreferenceController.java", "function": "getAvailabilityStatus" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "threshold": 0.9, "line_hashes": [ "230878898972108947448676599731865036895", "29929630303618403406873241733712735071", "43171703898393838406260968717756894712", "202220144456139908321737172207194654673", "141297438035133473302776685006771028195", "314980342124334971502357072826993007426", "198523617367747830504737027296671495035", "321352975154569528164620798525210741119", "167566222161009494756955802324480295557" ] }, "id": "PUB-A-250573776-fc2eddb4", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/a1ca72224da3a87d3117e764dfea35e03f62a182", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/privacy/EnableContentCapturePreferenceController.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/a1ca72224da3a87d3117e764dfea35e03f62a182" ], "spl": "2023-06-01", "severity": "Moderate", "types": [ "EoP" ] }