PT-2020-6560 · Google · Android

Published 2020-06-01 · Updated 2021-07-21 · CVE-2020-0188

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android versions Android-10
Description: The issue is related to a permissions bypass in the onCreatePermissionRequest function of SettingsSliceProvider.java due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. The vulnerability is associated with insecure privilege management, which could allow an attacker to elevate their privileges.
Recommendations: For Android version Android-10, consider restricting access to the SettingsSliceProvider.java until a patch is available. As a temporary workaround, review and restrict PendingIntent usage to minimize the risk of exploitation. Avoid using the onCreatePermissionRequest function in SettingsSliceProvider.java until the issue is resolved.

Fix

Improper Privilege Management


Weakness Enumeration

Related Identifiers

BDU:2022-00149
CVE-2020-0188

Affected Products

Android