Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0629
Vulnerability from certfr_avis - Published: 2023-08-08 - Updated: 2023-08-08
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Pixel sans le correctif de s\u00e9curit\u00e9 du 05 ao\u00fbt 2023",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Android versions 11, 12, 12L, 13 sans le correctif de s\u00e9curit\u00e9 du 05 ao\u00fbt 2023",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28537"
},
{
"name": "CVE-2023-21285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21285"
},
{
"name": "CVE-2023-21288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21288"
},
{
"name": "CVE-2023-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21290"
},
{
"name": "CVE-2023-28555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28555"
},
{
"name": "CVE-2023-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21647"
},
{
"name": "CVE-2023-21275",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21275"
},
{
"name": "CVE-2023-21132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21132"
},
{
"name": "CVE-2023-21284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21284"
},
{
"name": "CVE-2023-21280",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21280"
},
{
"name": "CVE-2023-21286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21286"
},
{
"name": "CVE-2023-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21271"
},
{
"name": "CVE-2022-34830",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34830"
},
{
"name": "CVE-2023-21279",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21279"
},
{
"name": "CVE-2023-21287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21287"
},
{
"name": "CVE-2023-21274",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21274"
},
{
"name": "CVE-2023-21278",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21278"
},
{
"name": "CVE-2023-21272",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21272"
},
{
"name": "CVE-2023-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21270"
},
{
"name": "CVE-2023-21133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21133"
},
{
"name": "CVE-2022-40510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40510"
},
{
"name": "CVE-2023-21292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21292"
},
{
"name": "CVE-2023-21242",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21242"
},
{
"name": "CVE-2023-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21648"
},
{
"name": "CVE-2023-20965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20965"
},
{
"name": "CVE-2023-21134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21134"
},
{
"name": "CVE-2023-21649",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21649"
},
{
"name": "CVE-2023-21289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21289"
},
{
"name": "CVE-2023-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21282"
},
{
"name": "CVE-2020-29374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29374"
},
{
"name": "CVE-2023-21281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21281"
},
{
"name": "CVE-2023-20780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20780"
},
{
"name": "CVE-2023-21650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21650"
},
{
"name": "CVE-2023-21267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21267"
},
{
"name": "CVE-2023-21269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21269"
},
{
"name": "CVE-2023-21273",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21273"
},
{
"name": "CVE-2023-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21277"
},
{
"name": "CVE-2023-21268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21268"
},
{
"name": "CVE-2023-21264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21264"
},
{
"name": "CVE-2023-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21140"
},
{
"name": "CVE-2023-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21626"
},
{
"name": "CVE-2023-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21283"
},
{
"name": "CVE-2023-22666",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22666"
},
{
"name": "CVE-2023-21265",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21265"
},
{
"name": "CVE-2023-21276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21276"
},
{
"name": "CVE-2023-21627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21627"
}
],
"initial_release_date": "2023-08-08T00:00:00",
"last_revision_date": "2023-08-08T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0629",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 07 ao\u00fbt 2023",
"url": "https://source.android.com/docs/security/bulletin/2023-08-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android Pixel du 07 ao\u00fbt 2023",
"url": "https://source.android.com/docs/security/bulletin/pixel/2023-08-01"
}
]
}
CVE-2023-21264 (GCVE-0-2023-21264)
Vulnerability from cvelistv5 – Published: 2023-08-14 20:59 – Updated: 2024-10-09 14:25
VLAI
EPSS
Summary
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/kernel/common/+/b35a06182451f"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/kernel/common/+/53625a846a7b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:24:52.906848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:25:06.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:59:10.345Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/kernel/common/+/b35a06182451f"
},
{
"url": "https://android.googlesource.com/kernel/common/+/53625a846a7b4"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21264",
"datePublished": "2023-08-14T20:59:10.345Z",
"dateReserved": "2022-11-03T22:37:50.653Z",
"dateUpdated": "2024-10-09T14:25:06.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21265 (GCVE-0-2023-21265)
Vulnerability from cvelistv5 – Published: 2023-08-14 20:59 – Updated: 2024-10-09 19:08
VLAI
EPSS
Summary
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:05:02.348379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:08:41.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:59:28.509Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21265",
"datePublished": "2023-08-14T20:59:28.509Z",
"dateReserved": "2022-11-03T22:37:50.653Z",
"dateUpdated": "2024-10-09T19:08:41.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21267 (GCVE-0-2023-21267)
Vulnerability from cvelistv5 – Published: 2023-08-14 20:59 – Updated: 2024-08-02 09:28
VLAI
EPSS
Summary
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T14:54:32.382055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:45.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T21:01:28.673Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21267",
"datePublished": "2023-08-14T20:59:41.378Z",
"dateReserved": "2022-11-03T22:37:50.653Z",
"dateUpdated": "2024-08-02T09:28:26.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21268 (GCVE-0-2023-21268)
Vulnerability from cvelistv5 – Published: 2023-08-14 20:59 – Updated: 2024-10-09 18:58
VLAI
EPSS
Summary
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial of service
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T18:58:37.001439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:58:49.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:59:52.485Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21268",
"datePublished": "2023-08-14T20:59:52.485Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T18:58:49.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21269 (GCVE-0-2023-21269)
Vulnerability from cvelistv5 – Published: 2023-08-14 21:00 – Updated: 2024-10-09 15:25
VLAI
EPSS
Summary
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:23:08.834309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:25:42.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:00:08.724Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21269",
"datePublished": "2023-08-14T21:00:08.724Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T15:25:42.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21270 (GCVE-0-2023-21270)
Vulnerability from cvelistv5 – Published: 2024-11-19 18:00 – Updated: 2024-11-20 16:35
VLAI
EPSS
Summary
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "sc-dev"
},
{
"status": "affected",
"version": "sc-v2-dev"
},
{
"status": "affected",
"version": "tm-dev"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:32:43.516798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:35:48.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Andrioid",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "sc-dev"
},
{
"status": "affected",
"version": "sc-v2-dev"
},
{
"status": "affected",
"version": "tm-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:00:47.701Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21270",
"datePublished": "2024-11-19T18:00:47.701Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-11-20T16:35:48.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21271 (GCVE-0-2023-21271)
Vulnerability from cvelistv5 – Published: 2023-08-14 21:00 – Updated: 2024-10-09 15:20
VLAI
EPSS
Summary
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/e44e1064ccec2aa09fc66bd750d66919129ae6b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:16:19.831198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:20:34.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:00:47.078Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/e44e1064ccec2aa09fc66bd750d66919129ae6b4"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21271",
"datePublished": "2023-08-14T21:00:47.078Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T15:20:34.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21272 (GCVE-0-2023-21272)
Vulnerability from cvelistv5 – Published: 2023-08-14 21:01 – Updated: 2024-10-09 15:14
VLAI
EPSS
Summary
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/4dea696369a309cf39daa3e94fec7156c290a9c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:08:38.155174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:14:06.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:10.248Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/4dea696369a309cf39daa3e94fec7156c290a9c2"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21272",
"datePublished": "2023-08-14T21:01:10.248Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T15:14:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21273 (GCVE-0-2023-21273)
Vulnerability from cvelistv5 – Published: 2023-08-14 21:01 – Updated: 2024-10-09 15:07
VLAI
EPSS
Summary
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote code execution
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1e27ef69755a0735278a1c6af130c71a92b94e3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:03:37.269306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:07:41.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:24.805Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1e27ef69755a0735278a1c6af130c71a92b94e3f"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21273",
"datePublished": "2023-08-14T21:01:24.805Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T15:07:41.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21274 (GCVE-0-2023-21274)
Vulnerability from cvelistv5 – Published: 2023-08-14 21:01 – Updated: 2024-10-09 15:02
VLAI
EPSS
Summary
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:02:44.883376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:02:59.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:43.205Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21274",
"datePublished": "2023-08-14T21:01:43.205Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T15:02:59.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…