CVE-2023-35674

HIGH KEV

Android - Local Privilege Escalation via WindowState Logic Error

Title source: llm

Exploitation Summary

CVE-2023-35674 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 13, 2023. EIP tracks 2 public exploits from researchers including SpiralBL0CK, Thampakon.

AI-analyzed exploit summary The repository contains theoretical code and a guide for CVE-2023-35674, focusing on Android permission handling and presentation activities. It lacks a functional exploit but includes comments suggesting potential exploitation paths.

Description

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (2)

nomisec THEORETICAL 2 stars

by SpiralBL0CK · poc

https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674

View Code ZIP pw:eip

The repository contains theoretical code and a guide for CVE-2023-35674, focusing on Android permission handling and presentation activities. It lacks a functional exploit but includes comments suggesting potential exploitation paths.

Classification

Theoretical 60%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Android (version not specified)

No auth needed

Prerequisites: Android device with vulnerable permission handling · Ability to install and run the provided code

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by Thampakon · poc

https://github.com/Thampakon/CVE-2023-35674

View Code ZIP pw:eip

The repository contains a README describing CVE-2023-35674, a high-severity zero-day vulnerability in the Android Framework allowing local privilege escalation via cache file manipulation. No exploit code is provided, only a detailed explanation of the vulnerability.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Android Framework

No auth needed

Prerequisites: Access to the target Android device · Ability to manipulate app cache files

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch

https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e

Patch, Vendor Advisory

https://source.android.com/security/bulletin/2023-09-01

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35674

Scores

CVSS v3 7.8

EPSS 0.0220

EPSS Percentile 80.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-09-13

VulnCheck KEV 2023-09-05

InTheWild.io 2023-09-05

ENISA EUVD EUVD-2023-39674

CWE

CWE-269

Status published

Products (4)

google/android 11.0

google/android 12.0

google/android 12.1

google/android 13.0

Published Sep 11, 2023

KEV Added Sep 13, 2023

Tracked Since Feb 18, 2026