2 matches found
CVE-2023-40079
In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-40079
CVE-2023-40079 affects Android frameworks (ShortcutService.java: injectSendIntentSender) where a permissions bypass may allow a background activity launch, leading to local privilege escalation without user interaction. The issue is documented as an Elevation of Privilege (EoP) with high impact. ...