Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-44121

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps.

Published

2023-09-27T15:19:35.680

Last Modified

2024-11-21T08:25:17.283

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-926
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	android	≤ 13.0	Yes
Hardware	lg	v60_thin_q_5g	-	No

References

https://lgsecurity.lge.com/bulletins/mobile#updateDetails Vendor Advisory ([email protected])
https://lgsecurity.lge.com/bulletins/mobile#updateDetails Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)