VDB
CISA-2024-0015
CISA-2024-0015
PUBLISHED
CVSS 7.8 HIGH
Reported by google_android · Published February 16, 2024
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 13, 12L, 12 | |
| Android | 13, 12L, 12 | |
| android | 11.0, 12.0, 12l |
Timeline
- Feb 16, 2024 CVE Published
- Mar 14, 2025 CVE Updated