Lucene search

GoogleOSV:ASB-A-237540408

HistoryNov 01, 2022 - 12:00 a.m.

Talkback reads notifications of non-current Android user

2022-11-0100:00:00

Google

osv.dev

android

notificationmanagerservice

permissions bypass

data sharing

local escalation

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq12
platform/frameworks/baseeq12L
platform/frameworks/baseeq11
platform/frameworks/baseeq10
platform/frameworks/baseeq13

Name	Operator	Version
platform/frameworks/base	eq	12
platform/frameworks/base	eq	12L
platform/frameworks/base	eq	11
platform/frameworks/base	eq	10
platform/frameworks/base	eq	13

References

android.googlesource.com/platform/frameworks/base/+/7b9ea7a75ed2de51e883f450b701c8d0d82e6e9c

source.android.com/security/bulletin/2022-11-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-237540408