Missing Permission Check in onParentVisible of HeaderPrivacyIconsController.kt Allows Local Privilege Escalation on Factory Reset Devices

CVE-2023-20926 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android

Versions: Android-12, Android-12L, Android-13

Android ID: A-253043058
