In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30 | Patch |
https://source.android.com/security/bulletin/2023-08-01 | Patch Vendor Advisory |
Configurations
History
24 Aug 2023, 15:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Google android
|
|
CWE | CWE-269 | |
References | (MISC) https://source.android.com/security/bulletin/2023-08-01 - Patch, Vendor Advisory | |
References | (MISC) https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30 - Patch |
14 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 21:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-21269
Mitre link : CVE-2023-21269
CVE.ORG link : CVE-2023-21269
JSON object : View
Products Affected
- android
CWE
CWE-269
Improper Privilege Management