Lucene search

GoogleOSV:ASB-A-283103220

HistoryAug 01, 2024 - 12:00 a.m.

setAspectRatio of PiP feature can cause foreground restriction bypass

2024-08-0100:00:00

Google

osv.dev

setaspectratio

pip feature

restriction bypass

activityclientcontroller.java

logic error

local escalation

privilege

user interaction

software

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

Percentile

9.5%

JSON

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/frameworks/base/+/8b473b3f79642f42eeeffbfe572df6c6cbe9d79e

source.android.com/security/bulletin/2024-08-01

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for OSV:ASB-A-283103220