Reveal audios across users via com.android.server.notification.NotificationManagerService.mService.updateNotificationChannelFromPrivilegedListener

2024-06-0100:00:00

Google

osv.dev

notificationmanagerservice

confused deputy

privilege escalation

user interaction

data leak

exploitation

android

6.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq12
platform/frameworks/baseeq14
platform/frameworks/baseeq12L
platform/frameworks/baseeq13

Name	Operator	Version
platform/frameworks/base	eq	12
platform/frameworks/base	eq	14
platform/frameworks/base	eq	12L
platform/frameworks/base	eq	13

References

android.googlesource.com/platform/frameworks/base/+/3cc021bf608fa813a9a40932028fdde2b12a2d5e

source.android.com/security/bulletin/2024-06-01