{"id":"ASB-A-237405974","details":"In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-237405974","CVE-2023-20947"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Permission/+/d72688263a1924f859689b789732b608ef1d35f8"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-03-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/211e7ddb7e813b569e28bb352876001602e3908d"],"spl":"2023-03-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237405974.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-03-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/d72688263a1924f859689b789732b608ef1d35f8"],"spl":"2023-03-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237405974.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/d72688263a1924f859689b789732b608ef1d35f8"],"severity":"High","spl":"2023-03-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237405974.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/47765e12b1bd86b13f7a2500358b10d9e429b30b"],"spl":"2023-03-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237405974.json"}}],"schema_version":"1.7.5"}