2 matches found
PT-2025-3748 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to insufficient input validation in a component of the Android operating system framework. This could allow an attacker to elevate their privileges. There is a potentia...
Calling getpidcon for One Way Binder Transactions Returns Wrong Security Context
The servicemanager, keystore and drmserver all use getpidcon function to get the security context of the caller from a binder. When combined with a one way binder transaction this results in getting the security context of the current process which might allow a selinux mac bypass. Recent...