CVE-2023-40105

2024-02-1523:15:08

google_android

web.nvd.nist.gov

5196

cve-2023-40105

information security

sensitive data leak

permission check

activitymanagerservice

nvd

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

Vulners

Node

googleandroidMatch14

googleandroidMatch13

googleandroidMatch14

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch14

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch12

googleandroidMatch14

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch12

googleandroidMatch11

VendorProductVersionCPE
googleandroid14cpe:2.3:o:google:android:14:*:*:*:*:*:*:*
googleandroid13cpe:2.3:o:google:android:13:*:*:*:*:*:*:*
googleandroid12lcpe:2.3:o:google:android:12l:*:*:*:*:*:*:*
googleandroid12cpe:2.3:o:google:android:12:*:*:*:*:*:*:*
googleandroid11cpe:2.3:o:google:android:11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	14	cpe:2.3:o:google:android:14:::::::*
google	android	13	cpe:2.3:o:google:android:13:::::::*
google	android	12l	cpe:2.3:o:google:android:12l:::::::*
google	android	12	cpe:2.3:o:google:android:12:::::::*
google	android	11	cpe:2.3:o:google:android:11:::::::*

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "13",
        "status": "affected"
      },
      {
        "version": "12L",
        "status": "affected"
      },
      {
        "version": "12",
        "status": "affected"
      },
      {
        "version": "11",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]