CVE-2023-44125

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-285
View all →

Vulnerability Description

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.

Related Vulnerabilities

CVE-2014-9945

HIGH
CVSS:7.8(High)

In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014

CVE-2014-9950

HIGH
CVSS:7.8(High)

In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014

CVE-2016-7035

HIGH
CVSS:7.8(High)

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for ...

CWE-2852016

CVE-2016-8443

HIGH
CVSS:7.8(High)

Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC...

CWE-2852016

CVE-2018-10906

HIGH
CVSS:7.8(High)

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_othe...

CWE-2852018

CVE-2018-13908

HIGH
CVSS:7.8(High)

Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electroni...

CWE-2852018