Potential Local Escalation of Privilege Vulnerability in PermissionManagerServiceImpl
CVE-2023-21270

7.8HIGH

Key Information:

Vendor: Google
Status: Andrioid
Vendor: CVE Published:; 19 November 2024

What is CVE-2023-21270?

In the PermissionManagerServiceImpl.java of Android, a flaw exists in the restorePermissionState function that could allow malicious applications to retain permissions they should have lost after system updates. Incorrect handling of permission flags means that apps might bypass the intended restrictions designed to revoke certain permissions. Exploitation of this vulnerability necessitates user execution privileges, enabling attackers to escalate their access without needing any user interaction, which amplifies the risk profile associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Andrioid sc-dev

Andrioid sc-v2-dev

Andrioid tm-dev

References

https://source.android.com/security/bulletin/2023-08-01

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024
Vulnerability Reserved
Nov 3, 2022

JSON

Google

What is CVE-2023-21270?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.