PT-2018-5505 · Google · Android

Jann Horn · Published 2018-01-12 · Updated 2020-08-24 · CVE-2017-13209

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android versions 8.0, 8.1
Description: The issue is related to an insecure permissions check in the ServiceManager::add function within the hardware service manager. This could allow an application or service to replace a HAL service with its own, potentially leading to a local elevation of privilege. This elevation of privilege could enable code execution as a privileged process without needing additional execution privileges. User interaction is not required for exploitation.
Recommendations: For Android versions 8.0 and 8.1, consider restricting access to the ServiceManager::add function to prevent unauthorized replacement of HAL services until a patch is available. As a temporary workaround, consider implementing additional permissions checks to mitigate the risk of exploitation.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2017-13209

Affected Products: Android