Lucene search

GoogleOSV:ASB-A-218495634

HistoryApr 01, 2024 - 12:00 a.m.

Lockdown vs. Screen pinning mode

2024-04-0100:00:00

Google

osv.dev

software

logic error

information disclosure

screen pinning

exploitation

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq14
platform/frameworks/baseeq12L
platform/frameworks/baseeq12
platform/frameworks/baseeq13

Name	Operator	Version
platform/frameworks/base	eq	14
platform/frameworks/base	eq	12L
platform/frameworks/base	eq	12
platform/frameworks/base	eq	13

References

android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c

android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9

android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394

source.android.com/security/bulletin/2024-04-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-218495634