CVE-2023-21266
https://notcve.org/view.php?id=CVE-2023-21266
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En killBackgroundProcesses de ActivityManagerService.java, existe una forma posible de escapar de la protección de Google Play debido a una omisión de permisos. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0 https://source.android.com/security/bulletin/2024-06-01 •
CVE-2023-21253
https://notcve.org/view.php?id=CVE-2023-21253
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. En varias ubicaciones, existe una forma posible de bloquear varios servicios del sistema debido al agotamiento de los recursos. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529 https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7 https://source.android.com/security/bulletin/2023-10-01 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-21252
https://notcve.org/view.php?id=CVE-2023-21252
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. En validarPassword de WifiConfigurationUtil.java, existe una forma posible de hacer que el dispositivo entre en un bucle de arranque debido a una validación de entrada incorrecta. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8 https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3 https://source.android.com/security/bulletin/2023-10-01 •
CVE-2023-21244
https://notcve.org/view.php?id=CVE-2023-21244
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. En visitUris de Notification.java, existe una posible omisión de los límites del perfil de usuario debido a una falta de verificación de permisos. Esto podría llevar a una escalada local de privilegios con privilegios de ejecución del usuario necesarios. • https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3 https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad https://source.android.com/security/bulletin/2023-10-01 • CWE-862: Missing Authorization •
CVE-2023-30733
https://notcve.org/view.php?id=CVE-2023-30733
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution. Desbordamiento de búfer en la vulnerabilidad HDCP trustlet anterior a SMR Oct-2023 Release 1, permite al atacante realizar la ejecución de código. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10 • CWE-787: Out-of-bounds Write •