Description

In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related CPE's

o

google

android

13.0

-

Vulnerable

References

https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30

Patch

https://source.android.com/security/bulletin/2023-08-01

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-14T21:15:12.460

11 months ago

Last modified

2023-08-24T15:07:31.833

11 months ago