In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/6962dbcd2eaf91552eb243aff0c0b95e567d27ca", "https://android.googlesource.com/platform/frameworks/base/+/eaa129138096bc00b663bca93a5af9786aa47154", "https://android.googlesource.com/platform/frameworks/base/+/5fba6ecb07c70dfc229a63249bf105c09ebea5b3", "https://android.googlesource.com/platform/frameworks/base/+/d341f1ecdb011d24b17358f115391b3f997cb179" ], "spl": "2024-04-01", "types": [ "ID" ], "severity": "High" }
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/b23c2d5fb6630ea0da503b937f62880594b13e94", "https://android.googlesource.com/platform/frameworks/base/+/f57217125f2b124c16c463ef4507fb054cc1ba4f", "https://android.googlesource.com/platform/frameworks/base/+/35a6e2f2c952440b1102033b2c3e496438503cff", "https://android.googlesource.com/platform/frameworks/base/+/ce7ca2d9f405c94062504411c886eff93bd7ce15" ], "spl": "2024-04-01", "types": [ "ID" ], "severity": "High" }
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/100ae42365d7fc8ba7d241e8c9a7ef6aa0cdb961", "https://android.googlesource.com/platform/frameworks/base/+/996896e672f28aa96a3d8158192de3cd4a105bc3", "https://android.googlesource.com/platform/frameworks/base/+/faaf58d3b910c388b0a7c51dc370a7ae18e7cec2", "https://android.googlesource.com/platform/frameworks/base/+/ce7ca2d9f405c94062504411c886eff93bd7ce15" ], "spl": "2024-04-01", "types": [ "ID" ], "severity": "High" }
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/100ae42365d7fc8ba7d241e8c9a7ef6aa0cdb961", "https://android.googlesource.com/platform/frameworks/base/+/996896e672f28aa96a3d8158192de3cd4a105bc3", "https://android.googlesource.com/platform/frameworks/base/+/faaf58d3b910c388b0a7c51dc370a7ae18e7cec2", "https://android.googlesource.com/platform/frameworks/base/+/ba8dfc68aada76127abafdb17d0f0896cc14447a" ], "spl": "2024-04-01", "types": [ "ID" ], "severity": "High" }
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/eaa129138096bc00b663bca93a5af9786aa47154", "https://android.googlesource.com/platform/frameworks/base/+/d9c7c85c52c007fdedb177b9f5f98821d0a76090", "https://android.googlesource.com/platform/frameworks/base/+/93149616ba8255ec82877e43d4b41c2ebd6abf24" ], "spl": "2024-04-01", "types": [ "ID" ], "severity": "High" }