CVE-2020-0114

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description A possible confused deputy issue exists due to a PendingIntent error in the onCreateSliceProvider of KeyguardSliceProvider.java. This could lead to local escalation of privilege, allowing actions to be performed as the System UI without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations For Android version Android-10, consider restricting access to the KeyguardSliceProvider until a patch is available. As a temporary workaround, review and limit the use of PendingIntent to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.