Headline
CVE-2023-21292
In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}'
{
  "commit": "d10b27e539f7bc91c2360d429b9d05f05274670d",
  "tree": "5990c2b0bb87f6f48fe643e2e2bcb1404cfd4cd6",
  "parents": [
    "5b7edbf2ba076b04000eb5d27101927eeb609c26"
  ],
  "author": {
    "name": "Austin Borger",
    "email": "[email protected]",
    "time": "Sat Mar 18 12:56:12 2023 -0700"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Thu Jun 08 20:33:32 2023 +0000"
  },
  "message": "ActivityManagerService: Allow openContentUri from vendor/system/product.\n\nApps should not have direct access to this entry point. Check that the\ncaller is a vendor, system, or product package.\n\nTest: Ran PoC app and CtsMediaPlayerTestCases.\nBug: 236688380\n(cherry picked from commit d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e37820e47c383aecf9d1173a0676c27e6a59ce4f)\nMerged-In: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f\nChange-Id: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "cd221a8feb18b9966d8e1e8fcdddce4bda9fad41",
      "old_mode": 33188,
      "old_path": "services/core/java/com/android/server/am/ActivityManagerService.java",
      "new_id": "570c8d4075cdf4b587f0af82d771f7be1529b2db",
      "new_mode": 33188,
      "new_path": "services/core/java/com/android/server/am/ActivityManagerService.java"
    }
  ]
}
Related news
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.