CVE-2023-20953: Google Android vulnerability

5 documents, 4 sources
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 94.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 24

Description

In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android
Versions: Android-13
Android ID: A-251778420

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | google/android | Android-13
NVD | google/android | 13.0
Android | platform/frameworks_base | 13-next:0 | 13-next:2023-03-01 | +1

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-3223-r5rv-jq9r: In onPrimaryClipChanged of ClipboardListener (2023-03-24)
OSV
CVE-2023-20953: In onPrimaryClipChanged of ClipboardListener (2023-03-24)
OSV
CVE-2023-20953: In onPrimaryClipChanged of ClipboardListener (2023-03-01)

📋 Vendor Advisories (1)

Android
CVE-2023-20953: Android Security Bulletin 2023-03-01 (2023-03-01)
CVE: CVE-2023-20953
Severity: HIGH
Type: EoP
Affected AOSP versions: 13
References: A-251778420