First published: Mon Dec 04 2023(Updated: )
In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
=11.0 | ||
=12.0 | ||
=12.1 | ||
=13.0 | ||
=14.0 |
https://android.googlesource.com/platform/frameworks/base/+/1a42ae5379269b9e4dac9f5fbf803c6c731c655d
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-40081.
The severity of CVE-2023-40081 is high with a severity score of 7.
The affected software is Google Android.
No, user interaction is not needed for exploitation.
Yes, you can find references for this vulnerability at the following links: [Link 1](https://source.android.com/security/bulletin/2023-12-01), [Link 2](https://source.android.com/docs/security/bulletin/2023-12-01).