4 matches found
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2023-21092
Summary: CVE-2023-21092 affects Android 11–13. The issue arises in retrieveServiceLocked in ActiveServices.java, where input validation allows dynamically registering a BroadcastReceiver with system-app privileges. This enables local elevation of privilege with no extra execution privileges and n...
CVE-2023-21092
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...