Описание
In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.
Ссылки
- https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26Mailing ListPatch
- PatchVendor Advisory
- https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26Mailing ListPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00022
Низкий
7 High
CVSS3
8.4 High
CVSS3
Дефекты
CWE-362
CWE-362
Связанные уязвимости
CVSS3: 8.4
github
почти 2 года назад
In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS
Процентиль: 5%
0.00022
Низкий
7 High
CVSS3
8.4 High
CVSS3
Дефекты
CWE-362
CWE-362