CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21167
https://notcve.org/view.php?id=CVE-2023-21167
In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942964 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21184
https://notcve.org/view.php?id=CVE-2023-21184
In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-267809568 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21192
https://notcve.org/view.php?id=CVE-2023-21192
In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21203
https://notcve.org/view.php?id=CVE-2023-21203
In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262246082 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21178
https://notcve.org/view.php?id=CVE-2023-21178
In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •