CVE-2023-21248 Information

Description

In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference

https://source.android.com/security/bulletin/2023-07-01 https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4