In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2023-07-01 | Vendor Advisory |
https://source.android.com/security/bulletin/pixel/2023-07-01 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://source.android.com/security/bulletin/pixel/2023-07-01 - Vendor Advisory |
31 Oct 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-273 |
26 Jul 2023, 14:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://source.android.com/security/bulletin/pixel/2023-07-01 - Vendor Advisory | |
First Time |
Google
Google android |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
14 Jul 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-14 16:15
Updated : 2024-11-21 08:08
NVD link : CVE-2023-35692
Mitre link : CVE-2023-35692
CVE.ORG link : CVE-2023-35692
JSON object : View
Products Affected
- android
CWE