CVE-2023-20963
In short
A flaw in WorkSource lets an attacker cause a mismatch in how parcels are written and read, enabling privilege escalation on Android devices without special permissions or user interaction.
Technical detail
A CWE-295 vulnerability in the WorkSource service on Android 11-13 permits local privilege escalation through a parcel serialization/deserialization mismatch, allowing an unprivileged local process to execute with elevated privileges without user interaction or additional execution capabilities.
Summary generated and translated by AI from the official description.
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-11 Android-12 Android-12L Android-13
Android ID: A-220302519
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android
Public PoCs found: 2
github.com/pwnipc/BadParcel ★ 77
github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20963 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.