GoogleOSV:ASB-A-221041256Privilege Escalation in com.android.settings.DefaultRingtonePreference and com.android.dialer.app.settings.DefaultRingtonePreference
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
android.googlesource.com/platform/packages/apps/Settings/+/1de10d24aa8d6a54b991299091877b18ee696d73
android.googlesource.com/platform/packages/apps/Settings/+/40fbcf333f09a92d6499cf94d67c60c3a03c9a33
android.googlesource.com/platform/packages/apps/Settings/+/9bd1402e5aa758f2843154f395b5a5dfa91c1dca
android.googlesource.com/platform/packages/apps/Settings/+/a9da6b809944018ef4c1a8eaecdec9cdecf47e15
android.googlesource.com/platform/packages/apps/Settings/+/e4c22580c9a66a3d5523782c2daa707531210227
android.googlesource.com/platform/packages/apps/Settings/+/ec3ae8bb178b8b5fb54572632e77984f9bfd5b86
source.android.com/security/bulletin/2022-08-01
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%