CVE-2023-21283

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

#android #google #java #auth

)]}'
{
  "commit": "9b41a963f352fdb3da1da8c633d45280badfcb24",
  "tree": "49a71d93fae992774e9bb48afeed5a785168139b",
  "parents": [
    "05dc6b45187be90de495056e82f814e665a61aef"
  ],
  "author": {
    "name": "Pranav Madapurmath",
    "email": "[email protected]",
    "time": "Thu Jun 01 00:26:10 2023 +0000"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Thu Jun 08 20:34:53 2023 +0000"
  },
  "message": "[conflict] Resolve StatusHints image exploit across user. am: a853f6ba61\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/packages/services/Telecomm/+/23463634\n\nFixes: 285211549\nFixes: 280797684\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:41042bd0c8e1e47c19dfdb2a378c70d2090b1e15)\nMerged-In: I69b0c64413ce3b5e8f56c4fbc5e195a5f5adb6d7\nChange-Id: I69b0c64413ce3b5e8f56c4fbc5e195a5f5adb6d7\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "5bb1dbe08f136f5bb995b1aa466dcc4c57305437",
      "old_mode": 33261,
      "old_path": "src/com/android/server/telecom/ConnectionServiceWrapper.java",
      "new_id": "d38af578656a9c94ce62cd04dffbe2e41078b639",
      "new_mode": 33261,
      "new_path": "src/com/android/server/telecom/ConnectionServiceWrapper.java"
    },
    {
      "type": "modify",
      "old_id": "049a501631f02adbc2884ca874fcd08368c2eea9",
      "old_mode": 33188,
      "old_path": "tests/src/com/android/server/telecom/tests/BasicCallTests.java",
      "new_id": "7bce5a672f572864e0670e6c9a6abc0808868591",
      "new_mode": 33188,
      "new_path": "tests/src/com/android/server/telecom/tests/BasicCallTests.java"
    },
    {
      "type": "modify",
      "old_id": "926d74078e60f5514fa8789f7bdd7dd1fac07bff",
      "old_mode": 33188,
      "old_path": "tests/src/com/android/server/telecom/tests/CallExtrasTest.java",
      "new_id": "cf44cfeff6ecb6a6dbc54c7d62d1b005f3b3f810",
      "new_mode": 33188,
      "new_path": "tests/src/com/android/server/telecom/tests/CallExtrasTest.java"
    },
    {
      "type": "modify",
      "old_id": "6e6646f7aef2b3d8d472b0b36e06b0ff0271d2be",
      "old_mode": 33261,
      "old_path": "tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java",
      "new_id": "9f0b6aaf8c7084e8666bc62ca48139547c5e1d28",
      "new_mode": 33261,
      "new_path": "tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java"
    },
    {
      "type": "modify",
      "old_id": "d6ff196b9f4f117dbe80ec4090641ccef83e7907",
      "old_mode": 33188,
      "old_path": "tests/src/com/android/server/telecom/tests/TelecomSystemTest.java",
      "new_id": "137cf8b4803f44dd0b8cf52c64fd9b92802fbaa7",
      "new_mode": 33188,
      "new_path": "tests/src/com/android/server/telecom/tests/TelecomSystemTest.java"
    },
    {
      "type": "modify",
      "old_id": "97e71d18bf6b8d94eaf436bf107b4ac0c93adeda",
      "old_mode": 33188,
      "old_path": "tests/src/com/android/server/telecom/tests/VideoCallTests.java",
      "new_id": "84beedc0f5d2d0028b7abb8ed6eda81e46ed19f8",
      "new_mode": 33188,
      "new_path": "tests/src/com/android/server/telecom/tests/VideoCallTests.java"
    }
  ]
}
