In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
History

Fri, 13 Dec 2024 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android

Tue, 27 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2024-02-15T22:31:15.055Z

Updated: 2024-08-27T18:22:07.493Z

Reserved: 2023-08-09T02:29:31.021Z

Link: CVE-2023-40106

cve-icon Vulnrichment

Updated: 2024-08-02T18:24:54.880Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-15T23:15:08.137

Modified: 2024-12-13T21:20:34.837

Link: CVE-2023-40106

cve-icon Redhat

No data.