In backoffice there's an extra permission check on avatars tab, preventing non-admins to add/create an avatar

The below code means that user can upload an avatar only if he has permission to edit other users and groups.

if( $current_User->check_perm( 'users', 'all' ) )