CVE-2023-21115

2023-06-1500:00:00

google_android

www.cve.org

downgrade attack

link key

crypto misuse

android

privilege escalation

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android-11 Android-12 Android-12L",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2023-06-01