Design/Logic Flaw

In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android Information Disclosure Vulnerability (CNVD-2023-82064)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates from a messy proxy in the openContentUri module of ActivityManagerService.java, which can be exploited by an attacker to obtain sensitive...

CVE-2023-21292

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21292

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2023-18071 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the August 2023 ASB Description: The issue is related to a confused deputy in the openContentUri method of ActivityManagerService.java, allowing a third-party app to obtain restricted files. This could lead to local...

ASB-A-236688380

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Design/Logic Flaw

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

CVE-2023-21131

CVE-2023-21131 concerns a logic error in ActivityManagerService.checkKeyIntentParceledCorrectly() that can bypass Parcel Mismatch mitigations, enabling local escalation of privilege to launch arbitrary activities in settings without extra privileges. Affected: Android 11–13 (Android-11, Android-1...

CVE-2023-21131

In checkKeyIntentParceledCorrectly of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution...

Design/Logic Flaw

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVE-2023-21117

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVE-2023-21117

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVE-2023-21496

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

Code injection

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

CVE-2023-21496

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

CVE-2023-21496

CVE-2023-21496 affects ActivityManagerService in Android/Samsung devices. Affected: ActivityManagerService versions prior to SMR May-2023 Release 1. Issue: Active Debug Code vulnerability allows an attacker to use a debug function by setting the debug level. Evidence of patching: Samsung/Google s...

CVE-2023-21496

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

CVE-2023-21089

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-21089

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...