Lucene search
HistoryOct 06, 2023 - 7:15 p.m.
CVE-2023-21266
google play protection
permissions bypass
local escalation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected configurations
Node
googleandroidMatch11.0
ORgoogleandroidMatch12.0
ORgoogleandroidMatch12.1
ORgoogleandroidMatch13.0
Related
prion
prion
Design/Logic Flaw
2023-10-06 19:15:00
osv
osv
[There are two problems with killBackgroundProcesses in ActivityManager]
2024-06-01 00:00:00
cve
cve
CVE-2023-21266
2023-10-06 19:15:12
cvelist
cvelist
CVE-2023-21266
2023-10-06 18:48:40
ubuntucve
ubuntucve
CVE-2023-21266
2023-10-06 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2023-21266