Headline
CVE-2023-35682
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
)]}'
{
  "commit": "09f8b0e52e45a0b39bab457534ba2e5ae91ffad0",
  "tree": "dbd3cd11150c6a5ea77d78e2afe420a578af4d1b",
  "parents": [
    "4d098abb45aa38004cc5057b6dc382a148b56f01"
  ],
  "author": {
    "name": "Pinyao Ting",
    "email": "[email protected]",
    "time": "Thu Jun 01 18:12:44 2023 -0700"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Fri Jul 14 17:31:09 2023 +0000"
  },
  "message": "Fix permission issue in legacy shortcut\n\nWhen building legacy shortcut, Launcher calls\nPackageManager#resolveActivity to retrieve necessary permission to\nlaunch the intent.\n\nHowever, when the source app wraps an arbitrary intent within\nIntent#createChooser, the existing logic will fail because launching\nChooser doesn\u0027t require additional permission.\n\nThis CL fixes the security vulnerability by performing the permission\ncheck against the intent that is wrapped within.\n\nBug: 270152142\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c53818a16b4322a823497726ac7e7a44501b4442)\nMerged-In: If35344c08975e35085c7c2b9b814a3c457a144b0\nChange-Id: If35344c08975e35085c7c2b9b814a3c457a144b0\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f42d30453b1727a5155f1bf5c56329e2c097b696",
      "old_mode": 33188,
      "old_path": "src/com/android/launcher3/util/PackageManagerHelper.java",
      "new_id": "557d57e2d2d7efb4b310fe1bd1b8db50f9e86a71",
      "new_mode": 33188,
      "new_path": "src/com/android/launcher3/util/PackageManagerHelper.java"
    }
  ]
}
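The permission check described in the commit message, as an added example (not the Launcher3 code from this commit): outerOnly resolves only the intent it is handed, while unwrapped evaluates the intent carried in a chooser's EXTRA_INTENT. The class and method names are hypothetical, and rejecting a chooser that carries no inner intent is an assumption of this example.

```java
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.text.TextUtils;

/** Added illustration; ShortcutIntentCheck and its methods are hypothetical names. */
final class ShortcutIntentCheck {
    private final PackageManager pm;

    ShortcutIntentCheck(PackageManager pm) {
        this.pm = pm;
    }

    /** Weak form: only the outer intent is resolved, so a chooser is judged as a chooser. */
    boolean outerOnly(Intent intent, String srcPackage) {
        return mayLaunch(intent, srcPackage);
    }

    /** Hardened form: a chooser is judged by the intent it wraps. */
    boolean unwrapped(Intent intent, String srcPackage) {
        if (Intent.ACTION_CHOOSER.equals(intent.getAction())) {
            Intent inner = intent.getParcelableExtra(Intent.EXTRA_INTENT);
            if (inner == null) {
                return false; // assumption of this example: nothing to verify, so reject
            }
            intent = inner;
        }
        return mayLaunch(intent, srcPackage);
    }

    /** True when srcPackage holds the permission guarding the activity the intent resolves to. */
    private boolean mayLaunch(Intent intent, String srcPackage) {
        ResolveInfo target = pm.resolveActivity(intent, 0);
        if (target == null || target.activityInfo == null) {
            return false; // unresolved target: reject
        }
        ActivityInfo info = target.activityInfo;
        if (TextUtils.isEmpty(info.permission)) {
            return true; // target activity declares no permission requirement
        }
        if (TextUtils.isEmpty(srcPackage)) {
            return false; // a permission is required but the requester is unknown
        }
        return pm.checkPermission(info.permission, srcPackage)
                == PackageManager.PERMISSION_GRANTED;
    }
}
```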
Related news
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.