Headline
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "d8355ac47e068ad20c6a7b1602e72f0585ec0085", "tree": "f8cac26c332efe2eea5230b368e944cfd75b4582", "parents": [ “185bd5b809d252a866952cec5b97897fd261447b” ], "author": { "name": "Matías Hernández", "email": "[email protected]", "time": “Mon Jun 05 18:24:04 2023 +0200” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Fri Jul 14 17:31:24 2023 +0000” }, "message": "Don\u0027t hide approved NLSes in Settings\n\nNote that an NLS that shouldn\u0027t be approvable (because its name is too long) but was already approved (either before the max length check was introduced, or through other means) will disappear from the list if the user revokes its access. This might be somewhat confusing, but since this is a very-edge case already it\u0027s fine.\n\nBug: 282932362\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ff255c6eda1528f01a167a9a65b7f8e414d28584)\nMerged-In: I4c9faea68e6d16b1a4ec7f472b5433cac1704c06\nChange-Id: I4c9faea68e6d16b1a4ec7f472b5433cac1704c06\n", "tree_diff": [ { "type": "modify", "old_id": "56d3f0e445c773b94df4971107f6755ded8d7d32", "old_mode": 33188, "old_path": "src/com/android/settings/notification/NotificationAccessSettings.java", "new_id": "369c4f6dfaf81bcd91d764eff38c6309c16504bb", "new_mode": 33188, "new_path": “src/com/android/settings/notification/NotificationAccessSettings.java” }, { "type": "modify", "old_id": "150dbe0483d208bd64bf5892f7b48ecc32add162", "old_mode": 33188, "old_path": "src/com/android/settings/notification/NotificationBackend.java", "new_id": "cbc3e72e224cb8347af1437cd7b7629178946de9", "new_mode": 33188, "new_path": “src/com/android/settings/notification/NotificationBackend.java” }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "e644c2975b71fecf26e47754f6d77f4aab142a3a", "new_mode": 33188, "new_path": “tests/robotests/src/com/android/settings/notification/NotificationAccessSettingsTest.java” } ] }
Related news
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.