In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2023-06-01 |
History
Wed, 18 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-276 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2023-06-15T00:00:00
Updated: 2024-12-18T16:37:36.327Z
Reserved: 2022-11-03T00:00:00
Link: CVE-2023-21126
Vulnrichment
Updated: 2024-08-02T09:28:25.973Z
NVD
Status : Modified
Published: 2023-06-15T19:15:09.710
Modified: 2024-12-18T17:15:08.623
Link: CVE-2023-21126
Redhat
No data.