CVE-2023-21033
https://notcve.org/view.php?id=CVE-2023-21033
In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-21030
https://notcve.org/view.php?id=CVE-2023-21030
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-415: Double Free •
CVE-2023-21004
https://notcve.org/view.php?id=CVE-2023-21004
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-862: Missing Authorization •
CVE-2023-20976
https://notcve.org/view.php?id=CVE-2023-20976
In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-20: Improper Input Validation •
CVE-2023-21001
https://notcve.org/view.php?id=CVE-2023-21001
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-862: Missing Authorization •