PT-2023-17704 · Google · Android

Published: 2023-05-01 · Updated: 2025-01-24 · CVE-2023-20914

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Android versions Android-11

Description

In the onSetRuntimePermissionGrantStateByDeviceAdmin function of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Android version Android-11, consider restricting access to sensitive information such as SMS messages to prevent local information disclosure until a patch is available. As a temporary workaround, review and restrict the use of the onSetRuntimePermissionGrantStateByDeviceAdmin function in AdminRestrictedPermissionsUtils.java to minimize the risk of exploitation.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

ASB-A-189942529
CVE-2023-20914

Affected Products

Android