7.8

CVE-2023-21281

EPSS 0.02%
Veröffentlicht 14.08.2023 22:15:13
Zuletzt bearbeitet 21.11.2024 07:42:33
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version11.0 Update-

Google ≫ Android Version12.0 Update-

Google ≫ Android Version12.1 Update-

Google ≫ Android Version13.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://source.android.com/security/bulletin/2023-08-01

Patch

Vendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/badb243574d7fca9aa89152d9d25eeb4f8615385

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-21281

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21281

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21281

EUVD