Platform System Sepolicy vulnerabilities

CVE-2024-32896 CVE-2024-32896: there is a possible way to bypass due to a logic error in the code there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-21178 CVE-2023-21178: In installKey of KeyUtil In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39700 CVE-2021-39700: In the policies of adbd In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0691 CVE-2021-0691: In the SELinux policy configured in system_app In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0390 CVE-2020-0390: In the app zygote SE Policy, there is a possible permissions bypass In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.