// For flags

CVE-2023-44122

LockScreenSettings - Theft arbitrary files with system privilege

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.

La vulnerabilidad es el robo de archivos arbitrarios con privilegios del sistema en la aplicación LockScreenSettings ("com.lge.lockscreensettings") en el archivo "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java". El principal problema es que la aplicación lanza intenciones implícitas que pueden ser interceptados por aplicaciones de terceros instaladas en el mismo dispositivo. También pueden devolver datos arbitrarios que se pasarán al método "onActivityResult()". La aplicación LockScreenSettings copia el archivo recibido en la ruta "/data/shared/dw/mycategory/wallpaper_01.png" y luego cambia el modo de acceso al archivo a legible y escribible en todo el mundo.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-09-26 CVE Reserved
  • 2023-09-27 CVE Published
  • 2024-09-20 CVE Updated
  • 2024-10-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-668: Exposure of Resource to Wrong Sphere
  • CWE-927: Use of Implicit Intent for Sensitive Communication
CAPEC
  • CAPEC-122: Privilege Abuse
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://lgsecurity.lge.com/bulletins/mobile#updateDetails 2023-10-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 12.0
Search vendor "Google" for product "Android" and version "12.0"
-
Affected
in Lg
Search vendor "Lg"
 V60 Thin Q 5g
Search vendor "Lg" for product "V60 Thin Q 5g"
--
Safe
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 13.0
Search vendor "Google" for product "Android" and version "13.0"
-
Affected
in Lg
Search vendor "Lg"
 V60 Thin Q 5g
Search vendor "Lg" for product "V60 Thin Q 5g"
--
Safe