CVE-2023-21130
https://notcve.org/view.php?id=CVE-2023-21130
In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002 • https://source.android.com/security/bulletin/2023-06-01 • CWE-125: Out-of-bounds Read •
CVE-2023-21122
https://notcve.org/view.php?id=CVE-2023-21122
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191 • https://source.android.com/security/bulletin/2023-06-01 • CWE-862: Missing Authorization •
CVE-2023-21136
https://notcve.org/view.php?id=CVE-2023-21136
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285 • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation •
CVE-2023-21139
https://notcve.org/view.php?id=CVE-2023-21139
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008 • https://source.android.com/security/bulletin/2023-06-01 •
CVE-2023-21137
https://notcve.org/view.php?id=CVE-2023-21137
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702 • https://source.android.com/security/bulletin/2023-06-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •