CVE-2023-21029
https://notcve.org/view.php?id=CVE-2023-21029
In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-217934898. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-862: Missing Authorization
CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-220302519. Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. • https://github.com/Ailenchick/CVE-2023-20963 • https://source.android.com/security/bulletin/2023-03-01 • CWE-295: Improper Certificate Validation
CVE-2023-20981
https://notcve.org/view.php?id=CVE-2023-20981
In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256165737. • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read
CVE-2023-20994
https://notcve.org/view.php?id=CVE-2023-20994
In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-259062118. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-787: Out-of-bounds Write
CVE-2023-21035
https://notcve.org/view.php?id=CVE-2023-21035
In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-184847040. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-863: Incorrect Authorization