GoogleOSV:ASB-A-243130512Side-channel: theft the existed phone numbers or emails on your device
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| platform/frameworks/base | eq | 13 | |
| platform/frameworks/base | eq | 11 | |
| platform/frameworks/base | eq | 12L | |
| platform/frameworks/base | eq | 12 |
References
android.googlesource.com/platform/frameworks/base/+/27bc3e93eb0f767a98af38e4c454187c31472428
android.googlesource.com/platform/frameworks/base/+/401e782b244bf84fd5aab371f60c2e52d6226fb3
android.googlesource.com/platform/frameworks/base/+/6c24ca2e9523a7278660c6328dee00195d210a9d
source.android.com/security/bulletin/2023-04-01
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%