ASB-A-259385017 — Vulnetix

ASB-A-259385017 PUBLISHED

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	13-next:0, 13-next, 11:0

Timeline

May 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-05-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/179e5ce2a521710992b5ebdb2d88e0c3b3f2c12b patch

Open in Interactive Console →