Headline
CVE-2023-40130
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}'
{
  "commit": "5b335401d1c8de7d1c85f4a0cf353f7f9fc30218",
  "tree": "85b52fe7ec98818de079ea0df2d775b8c39a2655",
  "parents": [
    "dd302d211bd8b935464b48551a76ef718bf33ccc"
  ],
  "author": {
    "name": "Grace Jia",
    "email": "[email protected]",
    "time": "Thu Jul 20 13:42:50 2023 -0700"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Thu Aug 10 17:13:01 2023 +0000"
  },
  "message": "Fix vulnerability in CallRedirectionService.\n\nCurrently when the CallRedirectionService binding died, we didn\u0027t do\nanything, which cause malicious app start activities even not run in the\nbackground by implementing a CallRedirectionService and overriding the\nonPlaceCall method to schedule a activity start job in an independent\nprocess and then kill itself. In that way, the activity can still\nstart after the CallRedirectionService died. Fix this by unbinding the\nservice when the binding died.\n\nBug: b/289809991\nTest: Using testapp provided in bug to make sure the test activity can\u0027t\nbe started\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:29b52e3cd027da2d8644450a4dee3a7d95dc0043)\nMerged-In: I065d361b83700474a1efab2a75928427ee0a14ba\nChange-Id: I065d361b83700474a1efab2a75928427ee0a14ba\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "226382bde4ab09d0efc1ec408db64c7e3c2cf633",
      "old_mode": 33188,
      "old_path": "src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java",
      "new_id": "02debcd6c1b5710c2a7a14cd97165ff3d8e080cc",
      "new_mode": 33188,
      "new_path": "src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java"
    }
  ]
}
Related news
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.