Lucene search

K
cve[email protected]CVE-2023-21346
HistoryOct 30, 2023 - 5:15 p.m.

CVE-2023-21346

2023-10-3017:15:50
CWE-203
web.nvd.nist.gov
14
cve-2023-21346
device idle controller
information disclosure
side channel
local
no permissions

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

NVD
Node
googleandroidRange<14.0
CPENameOperatorVersion
google:androidgoogle androidlt14.0

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "14",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2023-21346