CVE-2023-40097
HIGH
Android - Local Privilege Escalation via URI Grant in PackageManagerHelper
Title source: llm
Description
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References (2)
Core References
Mailing List, Patch
https://android.googlesource.com/platform/packages/apps/Launcher3/+/6c9a41117d5a9365cf34e770bbb00138f6bf997e
Patch, Vendor Advisory
https://source.android.com/security/bulletin/2023-12-01
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
8.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (4)
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
Published
Dec 04, 2023
Tracked Since
Feb 18, 2026