CVE-2023-21017Google Android vulnerability

3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks BaseGoogle Android
Timeline
PublishedMar 24

Description

In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236687884

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-13
NVDgoogle/android13.0
Androidplatform/frameworks_base13:013:2023-03-01

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-x36p-2cx6-r7jj: In InstallStart of InstallStart2023-03-24
OSV
CVE-2023-21017: In InstallStart of InstallStart2023-03-01