Race condition vulnerability in updatePreferenceIntents of AccountTypePreferenceLoader allows for local escalation of privilege and launching privileged activities without additional execution privileges needed

Race condition vulnerability in updatePreferenceIntents of AccountTypePreferenceLoader allows for local escalation of privilege and launching privileged activities without additional execution privileges needed

CVE-2020-0238 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634

Learn more about our Cis Benchmark Audit For Google Android.