In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Related CVEs

CVE-2023-21270

Key Information

GHSA ID

GHSA-cp57-7c6j-pxfg

Published

November 19, 2024 6:31 PM

Last Modified

November 20, 2024 6:32 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.