Lucene search
HistorySep 11, 2023 - 9:15 p.m.
CVE-2023-35674
windowstate.java
logic error
local privilege escalation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
29.4%
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected configurations
Node
googleandroidMatch11.0
ORgoogleandroidMatch12.0
ORgoogleandroidMatch12.1
ORgoogleandroidMatch13.0
Related
attackerkb
attackerkb
CVE-2023-35674
2023-09-11 00:00:00
thn
thn
cisa_kev
cisa_kev
Android Framework Privilege Escalation Vulnerability
2023-09-13 00:00:00
cvelist
cvelist
CVE-2023-35674
2023-09-11 20:09:53
osv
osv
Background Activity Launch via TYPE_PRESENTATION
2023-09-01 00:00:00
prion
prion
Code injection
2023-09-11 21:15:00
vulnrichment
vulnrichment
CVE-2023-35674
2023-09-11 20:09:53
cve
cve
CVE-2023-35674
2023-09-11 21:15:42
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
29.4%
Related for NVD:CVE-2023-35674