Back to KEVs

CVE-2023-35674

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 15, 2023
Published Date
September 11, 2023
Last Updated
February 04, 2025
Vendor
Google
Product
Android
Description
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Tags
windows android cisa

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2023-09-13 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2023-09-11 05:34:43 UTC) Source

References

https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e https://source.android.com/security/bulletin/2023-09-01

Known Exploited Vulnerability Information

Source Added Date
CISA 2023-09-13 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Thampakon/CVE-2023-35674

Type: github • Created: 2023-09-11 05:34:43 UTC • Stars: 0

ช่องโหว่ CVE-2023-35674 *สถานะ: ยังไม่เสร็จ*

Timeline

  • CVE ID Reserved

  • Proof of Concept Exploit Available

  • CVE Published to Public

  • Added to KEVIntel