Local Privilege Escalation Vulnerability in KeyguardSliceProvider

CVE-2020-0114

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347

Learn more about our Cis Benchmark Audit For Google Android.