CVE-2023-21169
https://notcve.org/view.php?id=CVE-2023-21169
In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-274443441 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVE-2023-21171
https://notcve.org/view.php?id=CVE-2023-21171
In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVE-2023-21174
https://notcve.org/view.php?id=CVE-2023-21174
In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822222 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVE-2023-21095
https://notcve.org/view.php?id=CVE-2023-21095
In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576 • https://source.android.com/security/bulletin/2023-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-21129
https://notcve.org/view.php?id=CVE-2023-21129
In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612 • https://source.android.com/security/bulletin/2023-06-01 •