CVE-2023-20955

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-13

Description In the onPrepareOptionsMenu method of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android versions Android-11 through Android-13, update to a version that includes the fix for the missing permission check in AppInfoDashboardFragment.java. As a temporary workaround, consider restricting access to the onPrepareOptionsMenu method in AppInfoDashboardFragment.java to minimize the risk of exploitation.