CVE-2023-21100
https://notcve.org/view.php?id=CVE-2023-21100
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249 • https://source.android.com/security/bulletin/2023-04-01 • CWE-787: Out-of-bounds Write •
CVE-2023-20967
https://notcve.org/view.php?id=CVE-2023-20967
In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225879503 • https://source.android.com/security/bulletin/2023-04-01 • CWE-787: Out-of-bounds Write •
CVE-2023-21082
https://notcve.org/view.php?id=CVE-2023-21082
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-257030107 • https://source.android.com/security/bulletin/2023-04-01 •
CVE-2023-21085
https://notcve.org/view.php?id=CVE-2023-21085
In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-264879662 • https://source.android.com/security/bulletin/2023-04-01 • CWE-787: Out-of-bounds Write •
CVE-2023-21087
https://notcve.org/view.php?id=CVE-2023-21087
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 • https://source.android.com/security/bulletin/2023-04-01 •