CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20911
https://notcve.org/view.php?id=CVE-2023-20911
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498 • https://source.android.com/security/bulletin/2023-03-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20917
https://notcve.org/view.php?id=CVE-2023-20917
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242605257 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20957
https://notcve.org/view.php?id=CVE-2023-20957
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20955
https://notcve.org/view.php?id=CVE-2023-20955
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 • https://source.android.com/security/bulletin/2023-03-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20936
https://notcve.org/view.php?id=CVE-2023-20936
In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-226927612 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •