2 matches found
CVE-2022-20007
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges neede...
CVE-2022-20007
The CVE-2022-20007 issue is a race-condition vulnerability in Android's RootWindowContainer.java (startActivityForAttachedApplicationIfNeeded) that could allow an overlay to fool a foreground app, enabling local privilege escalation. Affected: Android 10–12 (including 12L). Root cause: a race bet...