GoogleOSV:ASB-A-265798353Control activityOptions via AddAccountSettings due to unsafe deserialization
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
android.googlesource.com/platform/packages/apps/Car/Settings/+/b38de797e506d274f80475c41844e568f171e985
android.googlesource.com/platform/packages/apps/Car/Settings/+/f88226abae41f35c8b7cb9daa84675573882f7b3
android.googlesource.com/platform/packages/apps/Settings/+/a1b811b82e2a876d65c70a23c9bcbf39060d898a
android.googlesource.com/platform/packages/apps/TvSettings/+/f790bbbc373fcb9d50ee9a1a5e934d044c81624b
source.android.com/security/bulletin/2023-06-01
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%