CVE-2023-21123
https://notcve.org/view.php?id=CVE-2023-21123
In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 • https://source.android.com/security/bulletin/2023-06-01 • CWE-862: Missing Authorization •
CVE-2023-21126
https://notcve.org/view.php?id=CVE-2023-21126
In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393 • https://source.android.com/security/bulletin/2023-06-01 •
CVE-2023-21138
https://notcve.org/view.php?id=CVE-2023-21138
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation •
CVE-2023-21115
https://notcve.org/view.php?id=CVE-2023-21115
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 • https://source.android.com/security/bulletin/2023-06-01 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-21141
https://notcve.org/view.php?id=CVE-2023-21141
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249 • https://source.android.com/security/bulletin/2023-06-01 •