Misleading UI in PermissionController allows for unauthorized permission grants and local privilege escalation
CVE-2022-20271 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672635
Learn more about our Cis Benchmark Audit For Google Android.