CVE-2023-44124

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.3
v2 : unknown
v3 : 6.1
References () https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory () https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory

02 Oct 2023, 18:22

Type Values Removed Values Added
CWE CWE-668
First Time Google android
Lg v60 Thin Q 5g
Google
Lg
References (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3
CPE cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

27 Sep 2023, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-11-21 08:25


NVD link : CVE-2023-44124

Mitre link : CVE-2023-44124

CVE.ORG link : CVE-2023-44124


JSON object : View

Products Affected

lg

  • v60_thin_q_5g

google

  • android
CWE
CWE-927

Use of Implicit Intent for Sensitive Communication

CWE-668

Exposure of Resource to Wrong Sphere