CVE-2022-20444

Опубликовано: 13 дек. 2022

Источник: nvd

Описание

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Связанные уязвимости

GHSA-q8r7-c3h6-2hgr

CVSS3: 8.4

github

около 3 лет назад

In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197296414