2 matches found
CVE-2023-20957
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-20957
CVE-2023-20957 describes a possible bypass of Factory Reset Protections in Android via the onAttach method of SettingsPreferenceFragment.java, caused by a confused deputy. The impact is local elevation of privilege with no extra execution privileges required, and exploitation is described as requ...