ASB-A-278722815 — Vulnetix

ASB-A-278722815 PUBLISHED

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	14-next:0, 14-next, 14

Timeline

Dec 1, 2023 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2023-12-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/96e0524c48c6e58af7d15a2caf35082186fc8de2 patch

Open in Interactive Console →