ASB-A-282934003 — Vulnetix

ASB-A-282934003 PUBLISHED

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	14-next:0, 14-next, 13:0

Exploit Intelligence

packageScanner_test.cpp (github-poc)
test_pipeline_blame.py (github-poc)

Timeline

Jan 1, 2024 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2024-01-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1 patch

Open in Interactive Console →