CVE Published: 15/02/2024 |
CVE Updated: 26/08/2024 |
CVE Year: 2023 Source: google_android |
Vendor: Google |
Product: Android Status : PUBLISHED
CVE-2023-40111 Description
In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.