In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
History

Mon, 16 Dec 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Fri, 16 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2024-02-15T22:31:15.329Z

Updated: 2024-08-16T15:32:15.092Z

Reserved: 2023-08-09T02:29:31.021Z

Link: CVE-2023-40109

cve-icon Vulnrichment

Updated: 2024-08-02T18:24:55.596Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-15T23:15:08.260

Modified: 2024-12-16T19:34:04.793

Link: CVE-2023-40109

cve-icon Redhat

No data.