Possible Bypass of Developer Settings Requirements for Capturing System Traces in TraceService.java

Possible Bypass of Developer Settings Requirements for Capturing System Traces in TraceService.java

CVE-2020-0202 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525

Learn more about our Cis Benchmark Audit For Google Android.