The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
References
Link | Resource |
---|---|
https://lgsecurity.lge.com/bulletins/mobile#updateDetails | Vendor Advisory |
https://lgsecurity.lge.com/bulletins/mobile#updateDetails | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.6 |
02 Oct 2023, 15:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Google android
Lg v60 Thin Q 5g Lg |
|
References | (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory |
27 Sep 2023, 15:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-27 15:19
Updated : 2024-11-21 08:25
NVD link : CVE-2023-44126
Mitre link : CVE-2023-44126
CVE.ORG link : CVE-2023-44126
JSON object : View
Products Affected
lg
- v60_thin_q_5g
- android
CWE