CVE-2023-21091
https://notcve.org/view.php?id=CVE-2023-21091
In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-257954050 • https://source.android.com/security/bulletin/2023-04-01 • CWE-862: Missing Authorization
CVE-2023-21100
https://notcve.org/view.php?id=CVE-2023-21100
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-242544249 • https://source.android.com/security/bulletin/2023-04-01 • CWE-787: Out-of-bounds Write
CVE-2023-21097
https://notcve.org/view.php?id=CVE-2023-21097
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261858325 • https://source.android.com/security/bulletin/2023-04-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-21093
https://notcve.org/view.php?id=CVE-2023-21093
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-228450832 • https://source.android.com/security/bulletin/2023-04-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-21080
https://notcve.org/view.php?id=CVE-2023-21080
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-245916076 • https://source.android.com/security/bulletin/2023-04-01 • CWE-125: Out-of-bounds Read