Headline
CVE-2023-21257
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "1aec7feaf07e6d4568ca75d18158445dbeac10f6", "tree": "a7e63c0c0347129ae4f7634e1dda1e30e3897052", "parents": [ “3a448067ac9ebdf669951e90678c2daa592a81d3” ], "author": { "name": "Sumedh Sen", "email": "[email protected]", "time": “Thu Mar 23 16:29:47 2023 -0700” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu May 11 18:40:59 2023 +0000” }, "message": "[RESTRICT AUTOMERGE] Prevent installing apps in policy restricted work profile using ADB\n\nIf DISALLOW_DEBUGGING_FEATURES or DISALLOW_INSTALL_APPS restrictions are\nset on a work profile, prevent side loading of APKs using ADB in the\nwork profile.\n\nBug: 257443065\nTest: atest CtsPackageInstallTestCases:UserRestrictionInstallTest\n\n\n(cherry picked from commit febe3918020a94b2af48ade98eb6a49cdd4a3bdf)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:28e133dff148cf8f43c551073000a459a1573985)\nMerged-In: I169a1f72c84528ca606b6a4da165d4fbcd02b08d\nChange-Id: I169a1f72c84528ca606b6a4da165d4fbcd02b08d\n", "tree_diff": [ { "type": "modify", "old_id": "5d73de103e9057f7947ff48254d067c0c6b92cb7", "old_mode": 33188, "old_path": "services/core/java/com/android/server/pm/InstallPackageHelper.java", "new_id": "1a7d8e968edfe0c82e53dba36e6b85d057d7d8c9", "new_mode": 33188, "new_path": “services/core/java/com/android/server/pm/InstallPackageHelper.java” } ] }
Related news
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.