CVE-2024-0015

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

Design/Logic Flaw

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-0015

CVE-2024-0015 affects the Android Framework via DreamService.java: convertToComponentName can be abused to launch arbitrary protected activities through intent redirection, enabling local elevation of privilege with low privileges and no user interaction required. Public references indicate this ...

PT-2024-4068 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to the ConvertToComponentName function in DreamService.java, which can be exploited due to intent redirection, potentially allowing an attacker to launch arbitrary...

ASB-A-300090204

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...