Описание
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Ссылки
- https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70Mailing ListPatch
- PatchVendor Advisory
- https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70Mailing ListPatch
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.8 High
CVSS3
Дефекты
Связанные уязвимости
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Уязвимость функции ConvertToComponentName (DreamService.java) операционных систем Android, позволяющая нарушителю выполнить повысить свои привилегии или выполнить произвольный код
EPSS
7.8 High
CVSS3