CVE-2022-20138
CVE-2022-20138 concerns a missing permission check in the Android framework, specifically in ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java. The issue allows an unprivileged app to send the MANAGED_PROFILE_PROVISIONED intent, potentially enabling local elevation of privileg...