CVE-2023-40089

CVE-2023-40089 concerns Android’s DevicePolicyManagerService.java, where getCredentialManagerPolicy can let a user select credential providers without proper permission checks. This enables local elevation of privilege with no extra execution privileges and no user interaction required. The Andro...

CVE-2023-40089

In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

ASB-A-294228721

In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2023-21167

In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2023-21167

In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2023-17955 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version 13 Description: A potential issue in the DevicePolicyManagerService.java could cause the SystemUI menu to crash due to a missing bounds check. This might lead to a local denial of service without requiring additional execution...

CVE-2023-21167

CVE-2023-21167 affects Android 13, in DevicePolicyManagerService.setProfileName. The issue is an out-of-bounds/ missing bounds check that can crash the SystemUI menu, causing local denial of service without extra privileges and without user interaction. Public documents consistently frame this as...

PUB-A-259942964

In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-20510

In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User...

Design/Logic Flaw

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2022-20511

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2022-20511

CVE-2022-20511 affects Android 13 where a missing permission check in DevicePolicyManagerService.getNearbyAppStreamingPolicy could enable local information disclosure without additional privileges. The issue: local access suffices (no user interaction required) and the vulnerability is tied to in...

PT-2022-14723 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a permissions bypass in the getNearbyNotificationStreamingPolicy function of DevicePolicyManagerService.java. This could lead to local information disclosure with no additional...

CVE-2022-20511

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

PT-2022-14724 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: A missing permission check in the getNearbyAppStreamingPolicy function of DevicePolicyManagerService.java could lead to local information disclosure without requiring additional execution privileges. Us...

CVE-2022-20510

CVE-2022-20510 affects Android 13 (Pixel devices) via a permissions bypass in DevicePolicyManagerService.getNearbyNotificationStreamingPolicy, enabling local information disclosure about other users’ notification streaming policy with no extra privileges or user interaction. The security entry no...

PUB-A-235822336

In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User...

PUB-A-235821829

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-20204

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-20138

In ACTIONMANAGEDPROFILEPROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGEDPROFILEPROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...