CVE-2022-20420

In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

Google Android elevation of privilege vulnerability (CNVD-2023-04551)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the getBackgroundRestrictionExceptionReason code of AppRestrictionController.java, which can be exploited by an attacker to elevate...

Code injection

In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

PT-2022-14647 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: A logic error in the code of AppRestrictionController.java, specifically in the getBackgroundRestrictionExemptionReason function, allows for a possible bypass of device policy restrictions. This could...

CVE-2022-20420

CVE-2022-20420 is an Android 13 elevation-of-privilege issue caused by a logic error in AppRestrictionController.java (getBackgroundRestrictionExemptionReason). The weakness could allow bypassing device policy restrictions with local access and no user interaction, granting high impact on confide...