Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:ASB-A-212467440
HistoryMay 01, 2022 - 12:00 a.m.

SystemUI unwraps PendingIntent through getIntent() allowing launching OngoingCallController arbitrary Activities via

2022-05-0100:00:00
Google
osv.dev
5
systemui
pendingintent
activity launch
ongoingcallcontroller
intent redirection
local privilege escalation

AI Score

7.1

Confidence

High

EPSS

0

Percentile

5.1%

JSON

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Related

nvd 1
cvelist 1
cve 1
prion 1
nvd
nvd
CVE-2022-20116
2022-05-10 20:15:09
cvelist
cvelist
CVE-2022-20116
2022-05-10 19:59:40
cve
cve
CVE-2022-20116
2022-05-10 20:15:09
prion
prion
Design/Logic Flaw
2022-05-10 20:15:00

AI Score

7.1

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for OSV:ASB-A-212467440
nvd1cvelist1cve1prion1