CVE-2022-20420

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description A logic error in the code of AppRestrictionController.java, specifically in the getBackgroundRestrictionExemptionReason function, allows for a possible bypass of device policy restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android version Android-13, consider restricting access to the getBackgroundRestrictionExemptionReason function in AppRestrictionController.java until a patch is available. As a temporary workaround, review and enforce device policy restrictions to minimize the risk of exploitation.