Audio File Disclosure Vulnerability in NotificationSoundPreference

Audio File Disclosure Vulnerability in NotificationSoundPreference

CVE-2024-0020 · Severity

In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.