CVE-2023-21177
https://notcve.org/view.php?id=CVE-2023-21177
In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-273906410 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-862: Missing Authorization
CVE-2023-21189
https://notcve.org/view.php?id=CVE-2023-21189
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-213942596 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-667: Improper Locking
CVE-2022-20443
https://notcve.org/view.php?id=CVE-2022-20443
In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-194480991 • https://source.android.com/security/bulletin/android-13 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2023-21196
https://notcve.org/view.php?id=CVE-2023-21196
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261857395 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read
CVE-2023-21172
https://notcve.org/view.php?id=CVE-2023-21172
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243015 • https://source.android.com/security/bulletin/pixel/2023-06-01