ASB-A-246300272 — Vulnetix

ASB-A-246300272 PUBLISHED

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13, ,

Timeline

Jan 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-01-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/0d461c5bedc547bf4e42c5034ce7d04f51cedf54 patch

Open in Interactive Console →