BadParcel

See Bundle Fengshui for a deep dive on this bug class.

This repository contains PoC for CVE-2023-20963, which is mismatch in the Android WorkSource parcel/unparcel logic.

The vulnerability is patched on Android's Security Bulletin of March 2023. The exploit should work on devices on AOSP versions 11, 12, 12L, 13 with security patch levels prior to March 2023.

Screen Lock Bypass with CVE-2023-20963 POC