GoogleOSV:ASB-A-224585613User directories can be left unencrypted due to missing error check
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user’s directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| platform/frameworks/base | eq | 12 | |
| platform/frameworks/base | eq | 12L | |
| platform/frameworks/base | eq | 10 | |
| platform/frameworks/base | eq | 11 |
References
android.googlesource.com/platform/frameworks/base/+/0067ba2426506ec7516dcb18bec5f8a68c116fe9
android.googlesource.com/platform/frameworks/base/+/16cf824d3a3dab638698ffaa995621ae18cfcf4e
android.googlesource.com/platform/frameworks/base/+/187187a31441e44c29d13c1a04c932abc420b709
android.googlesource.com/platform/frameworks/base/+/2ba316f58e4429033caa495cbc22a0d66dd92d15
android.googlesource.com/platform/frameworks/base/+/6ba336c0e280183a04ca45b217a7e89f8419d62b
source.android.com/security/bulletin/2022-07-01
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%