Описание
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Ссылки
- https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518acMailing ListPatch
- PatchVendor Advisory
- https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518acMailing ListPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00032
Низкий
7.8 High
CVSS3
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269
Связанные уязвимости
CVSS3: 7.8
github
больше 1 года назад
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
EPSS
Процентиль: 9%
0.00032
Низкий
7.8 High
CVSS3
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269