CVE-2023-21156

2023-06-2800:00:00

google_android

www.cve.org

android

kernel

modem

information disclosure

execution privileges

input validation

exploitation

user interaction

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the modem with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264540759References: N/A

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android kernel",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/pixel/2023-06-01