Lucene search

GoogleOSV:ASB-A-213644870

HistoryJul 01, 2022 - 12:00 a.m.

SF Security Vulnerability, Privilege Escalation through transaction merging

2022-07-0100:00:00

Google

osv.dev

security

vulnerability

privilege escalation

windowmanagerservice

input validation

tapjacking

local escalation

user execution

exploitation

software

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

7.1

Confidence

High

EPSS

Percentile

5.1%

JSON

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

References

android.googlesource.com/platform/frameworks/base/+/20303e05bf73796124ab70a279cf849b61b97905

android.googlesource.com/platform/frameworks/native/+/1ff38ab351a617c4870eec236b70932ff2c4473b

source.android.com/security/bulletin/2022-07-01

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

7.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-213644870