CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21262
https://notcve.org/view.php?id=CVE-2023-21262
12 Jul 2023 — In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation. • https://android.googlesource.com/platform/frameworks/av/+/2c8973c39478cd3c8cf11d9f27cc0556a106d006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21257
https://notcve.org/view.php?id=CVE-2023-21257
12 Jul 2023 — In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/1aec7feaf07e6d4568ca75d18158445dbeac10f6 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21256
https://notcve.org/view.php?id=CVE-2023-21256
12 Jul 2023 — In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/62fc1d269f5e754fc8f00b6167d79c3933b4c1f4 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21254
https://notcve.org/view.php?id=CVE-2023-21254
12 Jul 2023 — In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/fa539c85503dc63bfb53c76b6f12b3549f14a709 • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21251
https://notcve.org/view.php?id=CVE-2023-21251
12 Jul 2023 — In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21251 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21250
https://notcve.org/view.php?id=CVE-2023-21250
12 Jul 2023 — In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ec573bc83f1ed6722f7cb29431dcb2db7f10bf28 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21249
https://notcve.org/view.php?id=CVE-2023-21249
12 Jul 2023 — In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/c00b7e7dbc1fa30339adef693d02a51254755d7f • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21248
https://notcve.org/view.php?id=CVE-2023-21248
12 Jul 2023 — In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21247
https://notcve.org/view.php?id=CVE-2023-21247
12 Jul 2023 — In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21246
https://notcve.org/view.php?id=CVE-2023-21246
12 Jul 2023 — In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21246 • CWE-273: Improper Check for Dropped Privileges CWE-754: Improper Check for Unusual or Exceptional Conditions •