In CompanionDeviceManagerService there is a lack of Parcelable value check which could lead to bypass of BAL restriction

2024-07-0100:00:00

Google

osv.dev

companiondevicemanagerservice

parcelable value check

bal restriction

setskipprompt

associationrequest.java

companion device association

local escalation of privilege

user interaction

software

7.3 High

AI Score

Confidence

High

JSON

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq12
platform/frameworks/baseeq12L

CPE	Name	Operator	Version
	platform/frameworks/base	eq	12
	platform/frameworks/base	eq	12L

References

android.googlesource.com/platform/frameworks/base/+/9722ce9d733edab76163fbcd21b231424e3d7061

android.googlesource.com/platform/frameworks/base/+/df49e0e3083b0707e2cca5a5956b49f14ded078e

source.android.com/security/bulletin/2024-07-01

7.3 High

AI Score

Confidence

High

JSON