Missing permission checks in CompanionDeviceShellCommand.java

2024-06-0100:00:00

Google

osv.dev

companiondevicemanager

privilege escalation

user interaction

AI Score

Confidence

High

EPSS

Percentile

9.2%

JSON

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.