CVE Vulnerabilities

CVE-2023-40079

Published: Dec 04, 2023 | Modified: Feb 15, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

Name Vendor Start Version End Version
Android Google 14.0 (including) 14.0 (including)

References