In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://android.googlesource.com/platform/frameworks/base/+/fc1b9998ca8a9fceba47d67fd9ea9b45705b53e0 | Patch |
https://source.android.com/security/bulletin/2023-07-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Nov 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-273 |
25 Jul 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-754 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.3 |
CPE | cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* |
|
References | (MISC) https://source.android.com/security/bulletin/2023-07-01 - Patch, Vendor Advisory | |
References | (MISC) https://android.googlesource.com/platform/frameworks/base/+/fc1b9998ca8a9fceba47d67fd9ea9b45705b53e0 - Patch |
13 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 00:15
Updated : 2024-11-06 18:35
NVD link : CVE-2023-21246
Mitre link : CVE-2023-21246
CVE.ORG link : CVE-2023-21246
JSON object : View
Products Affected
- android