CVE-2023-20962

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to the getSliceEndItem function in MediaVolumePreferenceController.java, where an unsafe PendingIntent could allow starting a foreground activity from the background. This could lead to local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-13, consider restricting the use of the getSliceEndItem function in MediaVolumePreferenceController.java until a patch is available. As a temporary workaround, review and secure any PendingIntent usage to prevent unintended foreground activity starts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.