Misleading UI in PermissionController allows for unauthorized permission grants and local privilege escalation

Misleading UI in PermissionController allows for unauthorized permission grants and local privilege escalation

CVE-2022-20271 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672635

Learn more about our Cis Benchmark Audit For Google Android.