CVE-2022-20255

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue concerns a missing permission check in the SettingsProvider, allowing potential reading or modification of the default ringtone. This could result in local escalation of privilege without requiring additional execution privileges. Notably, user interaction is not necessary for exploitation.

Recommendations For Android version Android-13, consider restricting access to the SettingsProvider until a patch is available. As a temporary workaround, review and restrict any unnecessary permissions related to ringtone settings to minimize the risk of exploitation.