In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
History

Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
CPEs cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Metrics kev

{'dateAdded': '2023-09-13'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2023-09-11T20:09:53.580Z

Updated: 2024-09-26T14:31:47.277Z

Reserved: 2023-06-15T02:50:29.820Z

Link: CVE-2023-35674

cve-icon Vulnrichment

Updated: 2024-08-02T16:30:44.419Z

cve-icon NVD

Status : Analyzed

Published: 2023-09-11T21:15:42.193

Modified: 2024-12-20T17:39:49.327

Link: CVE-2023-35674

cve-icon Redhat

No data.