Vulnerabilities > CVE-2023-20950 - Incorrect Authorization vulnerability in Google Android 11.0/12.0/12.1

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
google
CWE-863

Summary

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028

Vulnerable Configurations

Part Description Count
OS
Google
3

Common Weakness Enumeration (CWE)