CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21115
https://notcve.org/view.php?id=CVE-2023-21115
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 • https://source.android.com/security/bulletin/2023-06-01 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21141
https://notcve.org/view.php?id=CVE-2023-21141
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249 • https://source.android.com/security/bulletin/2023-06-01 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21108
https://notcve.org/view.php?id=CVE-2023-21108
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876 • https://source.android.com/security/bulletin/2023-06-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21129
https://notcve.org/view.php?id=CVE-2023-21129
In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612 • https://source.android.com/security/bulletin/2023-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21138
https://notcve.org/view.php?id=CVE-2023-21138
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation •