CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20906
https://notcve.org/view.php?id=CVE-2023-20906
24 Mar 2023 — In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21007
https://notcve.org/view.php?id=CVE-2023-21007
24 Mar 2023 — In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029965 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21030
https://notcve.org/view.php?id=CVE-2023-21030
24 Mar 2023 — In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20964
https://notcve.org/view.php?id=CVE-2023-20964
24 Mar 2023 — In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21025
https://notcve.org/view.php?id=CVE-2023-21025
24 Mar 2023 — In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254929746 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21024
https://notcve.org/view.php?id=CVE-2023-21024
24 Mar 2023 — In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238 • https://source.android.com/security/bulletin/pixel/2023-03-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20998
https://notcve.org/view.php?id=CVE-2023-20998
24 Mar 2023 — In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20926
https://notcve.org/view.php?id=CVE-2023-20926
24 Mar 2023 — In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058 • https://source.android.com/security/bulletin/2023-03-01 • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20988
https://notcve.org/view.php?id=CVE-2023-20988
24 Mar 2023 — In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569232 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20987
https://notcve.org/view.php?id=CVE-2023-20987
24 Mar 2023 — In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569414 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •