Vulnerability Description
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | >= 9.0, <= 13.0 | |
| Lg | V60 Thin Q 5G | - |
Related Weaknesses (CWE)
References
- https://lgsecurity.lge.com/bulletins/mobile#updateDetailsVendor Advisory
- https://lgsecurity.lge.com/bulletins/mobile#updateDetailsVendor Advisory
FAQ
What is CVE-2023-44121?
CVE-2023-44121 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a th...
How severe is CVE-2023-44121?
CVE-2023-44121 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44121?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Lg V60 Thin Q 5G.