13.0

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

google

NVD

Published: 2022-12-13

Updated: 2022-12-15

Summary

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 12.0 Google Android 12.1 Google Android 13.0	3

References

https://source.android.com/security/bulletin/2022-12-01