CVE-2023-20995

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to a logic error in the code of CustomizedSensor.cpp, specifically in the captureImage function. This error can be exploited to bypass the fingerprint unlock, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-13, consider disabling the fingerprint unlock feature until a patch is available to prevent potential exploitation. Restrict access to the CustomizedSensor.cpp module to minimize the risk of escalation of privilege. Avoid using the captureImage function in CustomizedSensor.cpp until the issue is resolved.