Lucene search

GoogleOSV:ASB-A-271846393

HistoryJun 01, 2023 - 12:00 a.m.

LaunchAnywhere in SystemUI via OutputSwitcher

2023-06-0100:00:00

Google

osv.dev

sysui

unsafe intent

local escalation

no user interaction

execution privileges

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq13

CPE	Name	Operator	Version
	platform/frameworks/base	eq	13

References

android.googlesource.com/platform/frameworks/base/+/0f857518e3dd6490508a88ceac39309e77cb231b

android.googlesource.com/platform/frameworks/base/+/3721a8ad742248e7c017115c088291015f40319d

android.googlesource.com/platform/frameworks/base/+/b8e6044520761f537473d0a04a651118236d2c52

source.android.com/security/bulletin/2023-06-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-271846393