Lucene search

GoogleOSV:ASB-A-289809991

HistoryOct 01, 2023 - 12:00 a.m.

Another Background starting activities restrictions bypass in CallRedirectionService

2023-10-0100:00:00

Google

osv.dev

callredirectionservice

logic error

code

privilege escalation

background activity

user interaction

exploitation

software

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/services/telecommeq13
platform/packages/services/telecommeq12L
platform/packages/services/telecommeq11
platform/packages/services/telecommeq12

Name	Operator	Version
platform/packages/services/telecomm	eq	13
platform/packages/services/telecomm	eq	12L
platform/packages/services/telecomm	eq	11
platform/packages/services/telecomm	eq	12

References

android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218

source.android.com/security/bulletin/2023-10-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-289809991