Lucene search

GoogleOSV:ASB-A-201645790

HistoryMay 01, 2022 - 12:00 a.m.

Selinux Fix to allow CTS Listening Ports Test to work android.appsecurity.cts.ListeningPortsTest#testNoRemotelyAccessibleListeningUdpPorts

2022-05-0100:00:00

Google

osv.dev

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/system/sepolicyeq11
platform/system/sepolicyeq12
platform/system/sepolicyeq10

Name	Operator	Version
platform/system/sepolicy	eq	11
platform/system/sepolicy	eq	12
platform/system/sepolicy	eq	10

References

android.googlesource.com/platform/system/sepolicy/+/ac15c76a51cebb2114f80f6fc2863fc671e7e2c4

source.android.com/security/bulletin/2022-05-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for OSV:ASB-A-201645790