In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.
Google
Privilege Escalation
XSS
Android
NVD
CVSS 3.1
3.9
EPSS
0.1%