exploitDog

CVE-2023-21089

Опубликовано: 19 апр. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237766679

Ссылки

https://source.android.com/security/bulletin/2023-04-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2023-04-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-vrm8-gqmc-9xr9

CVSS3: 7.8

github

почти 3 года назад

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237766679

EPSS

Процентиль: 4%

0.00018

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo