CVE-2022-38697
CVE-2022-38697 affects the messaging service with a missing permission check that could allow a local attacker to access an unexpected provider in the contacts service without extra execution privileges. The NVD entry lists a CVSSv3.1 base score of 5.5 (HIGH confidentiality impact, LOCAL access, ...