CVE-2023-40125 Information

Description

In onCreate of ApnEditor.java there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference

https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb https://source.android.com/security/bulletin/2023-10-01