CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21282
https://notcve.org/view.php?id=CVE-2023-21282
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/external/aac/+/4242f97d149b0bf0cd96f00cd1e9d30d5922cd46 https://source.android.com/security/bulletin/2023-08-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21281
https://notcve.org/view.php?id=CVE-2023-21281
In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/badb243574d7fca9aa89152d9d25eeb4f8615385 https://source.android.com/security/bulletin/2023-08-01 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21273
https://notcve.org/view.php?id=CVE-2023-21273
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1e27ef69755a0735278a1c6af130c71a92b94e3f https://source.android.com/security/bulletin/2023-08-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21272
https://notcve.org/view.php?id=CVE-2023-21272
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/4dea696369a309cf39daa3e94fec7156c290a9c2 https://source.android.com/security/bulletin/2023-08-01 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21268
https://notcve.org/view.php?id=CVE-2023-21268
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9 https://source.android.com/security/bulletin/2023-08-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •