CVE-2022-20266

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed fo...

CVE-2023-21237

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-20266

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed fo...

Google Android 输入验证错误漏洞

Google Android is a Linux-based open-source operating system from Google, Inc. A security vulnerability exists in the Google Android Companion component, which stems from a possible way to make a service run with higher importance without displaying a foreground service notification due to improp...

PT-2022-14489 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to improper input validation in the Companion service, allowing it to run with elevated importance without displaying a foreground service notification. This could...