Vulnerability Description
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 11.0 |
Related Weaknesses (CWE)
References
- https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf07Patch
- https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db4Patch
- https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173Patch
- https://source.android.com/security/bulletin/2023-07-01PatchVendor Advisory
- https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf07Patch
- https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db4Patch
- https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173Patch
- https://source.android.com/security/bulletin/2023-07-01PatchVendor Advisory
FAQ
What is CVE-2023-20918?
CVE-2023-20918 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not need...
How severe is CVE-2023-20918?
CVE-2023-20918 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-20918?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.