In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2023-07-12T23:29:44.442Z
Updated: 2024-08-02T09:28:26.137Z
Reserved: 2022-11-03T22:37:50.652Z
Link: CVE-2023-21246
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-13T00:15:23.727
Modified: 2023-07-25T16:16:17.067
Link: CVE-2023-21246
Redhat
No data.