ASB-A-193445603

Import Source

https://storage.googleapis.com/android-osv/ASB-A-193445603.json

Aliases

CVE-2021-39668

Published

2022-02-01T00:00:00Z

Modified

2024-04-18T14:40:51Z

Details

In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.

References

https://source.android.com/security/bulletin/2022-02-01
https://android.googlesource.com/platform/frameworks/base/+/f84fdf2e6a98b81c7b55517227bd4cb53318d5aa

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2022-02-01

Introduced

12:0

Fixed

12:2022-02-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f84fdf2e6a98b81c7b55517227bd4cb53318d5aa"
    ],
    "spl": "2022-02-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}