CVE-2023-21145

EPSS 0.01%
Veröffentlicht 13.07.2023 00:15:23
Zuletzt bearbeitet 21.11.2024 07:42:14
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version11.0

Google ≫ Android Version12.0

Google ≫ Android Version12.1

Google ≫ Android Version13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.004

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://source.android.com/security/bulletin/2023-07-01

Patch

Vendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/44aeef1b82ecf21187d4903c9e3666a118bdeaf3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-21145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21145

EUVD