CVE-2023-40122
LOWDescription
In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| android | |
| android | |
| android | |
| android | |
| android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2023-40122? +
How severe is CVE-2023-40122? +
What products are affected by CVE-2023-40122? +
How do I check if I'm vulnerable to CVE-2023-40122? +
Related Vulnerabilities
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead …
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code …
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of …
Google Nest WiFi Pro root code-execution & user-data compromise
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default …
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and …