Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-21254

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE
#android#google#java#auth

)]}’ { "commit": "fa539c85503dc63bfb53c76b6f12b3549f14a709", "tree": "7dbbee84c812cf1976d496a487d69c5394576152", "parents": [ “c00b7e7dbc1fa30339adef693d02a51254755d7f” ], "author": { "name": "Evan Severson", "email": "[email protected]", "time": “Tue Jan 31 17:14:34 2023 -0800” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu May 11 18:40:45 2023 +0000” }, "message": "[1-time permissions] Use internal api to check proc states\n\nWe need to check the proc state and the binder method has a filter that\nis affected by a bug that keeps a killed a proces in the \"pending top\"\nlist. Using the internal api isn\u0027t affected by this filter and also is\nmore correct for inprocess calls.\n\nTest: Install test app that requests permission and will exit\n immediately on granting, observe permission is no longer\n\tindefinitely held.\nBug: 254736794\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e836611f3057cf9eae589a34a39fe80d0a9145f3)\nMerged-In: I30579090c803b231fd750abbc4ad645805f7ece2\nChange-Id: I30579090c803b231fd750abbc4ad645805f7ece2\n", "tree_diff": [ { "type": "modify", "old_id": "a1c98109052e22aa66876a0ee41d102e90bfbd76", "old_mode": 33188, "old_path": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "new_id": "d28048ce74c79e9258e8da43dc60fa8cfd8a834a", "new_mode": 33188, "new_path": “services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java” } ] }

Related news

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907