Headline
CVE-2023-21140
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "0679e4f35055729be7276536fe45fe8ec18a0453", "tree": "41d3703f1e553ae502b583449fcb7c5a4c8c0f13", "parents": [ “8252d067b83cd7f03d5380ce5cc96320c7d69f17” ], "author": { "name": "Nate Myren", "email": "[email protected]", "time": “Tue Dec 06 14:01:03 2022 -0800” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:34:48 2023 +0000” }, "message": "RESTRICT AUTOMERGE Finish ManagePermissionsActivity if device is not provisioned\n\nIf the device isn\u0027t set up yet, do not allow access to the permissions\nsettings\n\nBug: 253043490\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8a6f1f59d6cb5367f0c88980a75ddc227dba956a)\nMerged-In: I6e8fb8f2d934cff965069493740cfc1c59c3623f\nChange-Id: I6e8fb8f2d934cff965069493740cfc1c59c3623f\n", "tree_diff": [ { "type": "modify", "old_id": "4c186cf7e2520e7428928cece45c14ce16e05d90", "old_mode": 33188, "old_path": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java", "new_id": "c7b1bdcfa77b28fa983c109595699ee5101f312a", "new_mode": 33188, "new_path": “PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java” } ] }