216.73.217.98

CVE-2023-21270

· Published 19/11/2024 18:15 · Modified 18/12/2024 14:22

Labels: CVE-2023-21270 2024-11-19CVE-2023-21270CWE-276CWE-863[email protected]

Essential information

Published
19/11/2024 18:15
Modified
18/12/2024 14:22
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / android cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
google / android cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
google / android cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

References