CVE-2023-20993Improper Handling of Exceptional Conditions in Google Android

CWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedMar 24
Latest updateMay 1

Description

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261588851

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/androidAndroid-11 Android-12 Android-12L Android-13
NVDgoogle/android13.0
Androidplatform/frameworks_base13-next:013-next:2023-05-01+4

🔴Vulnerability Details

2
OSV
CVE-2023-20993: In multiple functions of SnoozeHelper2023-05-01
GHSA
GHSA-f4j7-9jj6-pqqx: In multiple functions of SnoozeHelper2023-03-24

📋Vendor Advisories

1
Android
CVE-2023-20993: Android Security Bulletin 2023-05-01 CVE: CVE-2023-20993 Severity: HIGH Type: EoP Affected AOSP versions: 11, 12, 12L, 13 References: A-2615888512023-05-01