2 matches found
CVE-2023-21115
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-21115
CVE-2023-21115: In Android, the vulnerability stems from a weakness in btm_sec_encrypt_change in btm_sec.cc that allows downgrading the link key type due to improper crypto, enabling paired-device elevation of privilege without user interaction. Affected: Android 11, 12, 12L. Status: remediation ...