CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20950
https://notcve.org/view.php?id=CVE-2023-20950
In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028 • https://source.android.com/security/bulletin/2023-04-01 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20935
https://notcve.org/view.php?id=CVE-2023-20935
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256589724 • https://source.android.com/security/bulletin/2023-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21082
https://notcve.org/view.php?id=CVE-2023-21082
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107 • https://source.android.com/security/bulletin/2023-04-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21099
https://notcve.org/view.php?id=CVE-2023-21099
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243377226 • https://source.android.com/security/bulletin/2023-04-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21086
https://notcve.org/view.php?id=CVE-2023-21086
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238298970 • https://source.android.com/security/bulletin/2023-04-01 •