Unrated severityNVD Advisory· Published Mar 24, 2023· Updated Feb 28, 2025
CVE-2023-20906
CVE-2023-20906
Description
In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: Android-11, Android-12, Android-12L, Android-13
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.