ASB-A-243794108
- Source
- https://storage.googleapis.com/android-osv/ASB-A-243794108.json
- Aliases
-
- CVE-2023-20918
- Published
- 2023-07-01T00:00:00Z
- Modified
- 2023-09-22T14:42:14Z
- Details
-
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2023-07-01
- https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d
- https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e
- https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf
Affected packages
Android / platform/frameworks/base
Source Details
- Package Name
- platform/frameworks/base
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced11:0Fixed11:2023-07-01Introduced12:0Fixed12:2023-07-01Introduced12L:0Fixed12L:2023-07-01Introduced13:0Fixed13:2023-07-01
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c4d3106e347922610f8c554de3ae238175ed393e",
"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c"
],
"spl": "2023-07-01",
"types": [
"EoP"
],
"severity": "High"
}