CVE-2023-21104

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771...

CVE-2024-49737

In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates in the WindowOrganizerController.java file's applyTaskFragmentOperation function, which contains a logic error that can be exploited by an...

PT-2025-2852 · Google · Android Windoworganizer

Name of the Vulnerable Software and Affected Versions: Android WindowOrganizer affected versions not specified Description: A logic error in the code of WindowOrganizerController.java allows for the launch of arbitrary activities as the system UID. This could lead to local escalation of privilege...

CVE-2023-21104

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a lack of permission checking in the applySyncTransaction of WindowOrganizer.java. An attacker can exploit this vulnerability to obtain sensitive...