Lucene search

[email protected]NVD:CVE-2023-21088

HistoryApr 19, 2023 - 8:15 p.m.

CVE-2023-21088

2023-04-1920:15:11

[email protected]

web.nvd.nist.gov

android-12

android-12l

android-13

logic error

local escalation

privilege bypass

background activity

user interaction

code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-235823542

Affected configurations

NVD

Node

googleandroidMatch12.0

googleandroidMatch12.1

googleandroidMatch13.0

References

source.android.com/security/bulletin/2023-04-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-21088

cnvd1 osv1 prion1 cvelist1 cve1