Lucene search

GoogleOSV:ASB-A-253043490

HistoryAug 01, 2023 - 12:00 a.m.

[Bug 7 of 7] Google Pixel Smartphone [FRP]Factory Reset Protection bypass (OS Version = android 13) - 7. Targeting the configuring of the lock screen itself due to App permissions

2023-08-0100:00:00

Google

osv.dev

google pixel smartphone

android 13

factory reset protection

local privilege escalation

permission check

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.0%

JSON

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453

source.android.com/security/bulletin/2023-08-01

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.0%

JSON

Related for OSV:ASB-A-253043490