Headline
CVE-2023-35669
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "f810d81839af38ee121c446105ca67cb12992fc6", "tree": "b2589522f06167da4811d58d8b9a0bc6f4357734", "parents": [ “109e58b62dc9fedcee93983678ef9d4931e72afa” ], "author": { "name": "Dmitry Dementyev", "email": "[email protected]", "time": “Wed Jul 05 10:45:04 2023 -0700” }, "committer": { "name": "Duy Truong", "email": "[email protected]", "time": “Wed Jul 19 17:51:46 2023 -0700” }, "message": "Update AccountManagerService checkKeyIntentParceledCorrectly.\n\nBug: 265798288\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8476b140eed0235df4e8f07d94420a1471191b55)\nMerged-In: Ia2030a9dc371dccadd4e188a529351ac4232bb4f\nChange-Id: Ia2030a9dc371dccadd4e188a529351ac4232bb4f\n", "tree_diff": [ { "type": "modify", "old_id": "639f35e1ae13895c1c785e78b1f99ffa3ac414e0", "old_mode": 33188, "old_path": "services/core/java/com/android/server/accounts/AccountManagerService.java", "new_id": "7a19d034c2c820b6197c6c37ae94cbada72926a2", "new_mode": 33188, "new_path": “services/core/java/com/android/server/accounts/AccountManagerService.java” } ] }
Related news
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.