CVE-2023-40130

HIGH

CallRedirectionProcessor - Privilege Escalation

Title source: llm

Description

In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec WORKING POC 12 stars

by wrlu · poc

https://github.com/wrlu/CVE-2023-40130

View Code ZIP pw:eip

References (4)

Core 4

Core References

Patch

https://android.googlesource.com/platform/packages/services/Telecomm/+/a43a880beaa6a64348a1d0c821e8c7e98d741a79

Patch

https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218

Patch, Vendor Advisory

https://source.android.com/security/bulletin/2023-10-01

Vendor Advisory

https://source.android.com/security/bulletin/2025-12-01

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (4)

google/android 11.0

google/android 12.0

google/android 12.1

google/android 13.0

Published Oct 27, 2023

Tracked Since Feb 18, 2026