CVE-2023-21230
https://notcve.org/view.php?id=CVE-2023-21230
In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2023-21232
https://notcve.org/view.php?id=CVE-2023-21232
In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 •
CVE-2023-21233
https://notcve.org/view.php?id=CVE-2023-21233
In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 • CWE-908: Use of Uninitialized Resource •
CVE-2023-21234
https://notcve.org/view.php?id=CVE-2023-21234
In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 • CWE-862: Missing Authorization •
CVE-2023-21235
https://notcve.org/view.php?id=CVE-2023-21235
In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/docs/security/bulletin/wear/2023/2023-08-01 •