In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation.
References
| Link | Resource |
|---|---|
| https://android.googlesource.com/platform/frameworks/base/+/86c8421c1181816b6cb333eb62a78e32290c4b17 | Mailing List Patch |
| https://android.googlesource.com/platform/frameworks/base/+/86c8421c1181816b6cb333eb62a78e32290c4b17 | Mailing List Patch |
| https://source.android.com/security/bulletin/2023-11-01 | Patch Vendor Advisory |
| https://source.android.com/security/bulletin/2023-11-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Dec 2024, 20:10
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Google android
|
|
| References | () https://source.android.com/security/bulletin/2023-11-01 - Patch, Vendor Advisory | |
| References | () https://android.googlesource.com/platform/frameworks/base/+/86c8421c1181816b6cb333eb62a78e32290c4b17 - Mailing List, Patch | |
| CWE | CWE-125 | |
| CPE | cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
15 Feb 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-15 23:15
Updated : 2024-12-13 20:10
NVD link : CVE-2023-40124
Mitre link : CVE-2023-40124
JSON object : View
Products Affected
- android
CWE
CWE-125
Out-of-bounds Read