Lucene search

GoogleOSV:ASB-A-253043502

HistoryAug 01, 2023 - 12:00 a.m.

[Bug 4 of 7] Google Pixel Smartphone [FRP]Factory Reset Protection bypass from APP permission (OS Version = android 13) - 4. The Chrome application is not needed during provisioning/SUW/FRP

2023-08-0100:00:00

Google

osv.dev

google pixel

frp

vulnerability

managepermissionsactivity

android 13

local privilege escalation

physical access

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

18.0%

JSON

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/modules/permissioneq13
platform/packages/modules/permissioneq12
platform/packages/modules/permissioneq12L

Name	Operator	Version
platform/packages/modules/permission	eq	13
platform/packages/modules/permission	eq	12
platform/packages/modules/permission	eq	12L

References

android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453

source.android.com/security/bulletin/2023-08-01

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for OSV:ASB-A-253043502