GSD-2023-21342 — Vulnetix

GSD-2023-21342 PUBLISHED CVSS 7.800000190734863 HIGH

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Google	Android	13
google	android	0

Timeline

Oct 30, 2023 CVE Published
Aug 14, 2025 PoC Published

References

https://android.googlesource.com/platform/frameworks/base/+/03bb6b20a8eaa7c565401597294ea9e3aee6d4ab url
https://source.android.com/security/bulletin/2025-05-01 url
https://source.android.com/docs/security/bulletin/android-14 url

Open in Interactive Console →