CVE-2023-21171Sensitive Information Exposure in Google Android

4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 92.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks NativeGoogle Android
Timeline
PublishedJun 28

Description

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-13
NVDgoogle/android13.0
Androidplatform/frameworks_native13-next:013-next:2023-06-01+1

🔴Vulnerability Details

3
CVEList
CVE-2023-21171: In verifyInputEvent of InputDispatcher2023-06-28
GHSA
GHSA-c2f3-v6vh-fq3v: In verifyInputEvent of InputDispatcher2023-06-28
OSV
CVE-2023-21171: In verifyInputEvent of InputDispatcher2023-06-01
CVE-2023-21171 — Sensitive Information Exposure | cvebase