4 matches found
CVE-2023-21026
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
Code injection
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21026
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21026
CVE-2023-21026 affects Android 13 on the WindowManagerService component, specifically the updateInputChannel path in WindowManagerService.java. A logic error could allow an attacker to extend a touchable region beyond the owner SurfaceControl, enabling a local denial-of-service condition without ...