← Retour aux CVEs

CVE-2023-35674

HIGHCISA KEV

7.8

Description

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie9/11/2023

Derniere modification10/23/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurAndroid

ProduitFramework

Nom vulnerabiliteAndroid Framework Privilege Escalation Vulnerability

Date ajout KEV2023-09-13

Date limite remediation2023-10-04

Utilise dans ransomwareUnknown

Produits affectes

google:android

Faiblesses (CWE)

CWE-269

References

https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e(security@android.com)

https://source.android.com/security/bulletin/2023-09-01(security@android.com)

https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e(af854a3a-2127-422b-91ae-364da2661108)

https://source.android.com/security/bulletin/2023-09-01(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35674(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.