Headline
CVE-2023-21266
In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "5b7edbf2ba076b04000eb5d27101927eeb609c26", "tree": "d0af2a7543d1cb1c44fac47be9533600dab0ee4d", "parents": [ “a267ee1bc216c7e62ec984a88aa2310762bb5519” ], "author": { "name": "Jing Ji", "email": "[email protected]", "time": “Tue Oct 25 22:39:52 2022 -0700” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:33:27 2023 +0000” }, "message": "DO NOT MERGE: ActivityManager#killBackgroundProcesses can kill caller\u0027s own app only\n\nunless it\u0027s a system app.\n\nBug: 239423414\nBug: 223376078\nTest: atest CtsAppTestCases:ActivityManagerTest\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fa94ce5c7738e449cb6bd68c77af4858018e49e0)\nMerged-In: Iac6baa889965b8ffecd9a43179a4c96632ad1d02\nChange-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02\n", "tree_diff": [ { "type": "modify", "old_id": "5d1d225f4d2d9a977d357589e21f1bb96e2d55b2", "old_mode": 33188, "old_path": "core/java/android/app/ActivityManager.java", "new_id": "68a42d1481094731b59af3c2ee92301df9ad0031", "new_mode": 33188, "new_path": “core/java/android/app/ActivityManager.java” }, { "type": "modify", "old_id": "7439b2f0921ff1d40e15125dd765f842831adf13", "old_mode": 33188, "old_path": "core/res/AndroidManifest.xml", "new_id": "cb000115de247ce740b11c3c3bd7d15d951207d1", "new_mode": 33188, "new_path": “core/res/AndroidManifest.xml” }, { "type": "modify", "old_id": "a70a01f0afa7abffb3f141714bc14d4029168702", "old_mode": 33188, "old_path": "services/core/java/com/android/server/am/ActivityManagerService.java", "new_id": "cd221a8feb18b9966d8e1e8fcdddce4bda9fad41", "new_mode": 33188, "new_path": “services/core/java/com/android/server/am/ActivityManagerService.java” } ] }
Related news
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.