CVE-2023-21178Race Condition in System Sepolicy

CWE-362Race Condition4 documents4 sources
Severity
4.1MEDIUMNVD
EPSS
0.0%
top 95.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform System SepolicyPlatform System VoldGoogle Android
Timeline
PublishedJun 28

Description

In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages4 packages

Androidplatform/system_vold13-next:013-next:2023-06-01+1
Androidplatform/system_sepolicy13-next:013-next:2023-06-01+1
CVEListV5google/androidAndroid-13
NVDgoogle/android13.0

🔴Vulnerability Details

3
GHSA
GHSA-58jm-pcr7-qmp6: In installKey of KeyUtil2023-06-28
CVEList
CVE-2023-21178: In installKey of KeyUtil2023-06-28
OSV
CVE-2023-21178: In installKey of KeyUtil2023-06-01
CVE-2023-21178 — Race Condition in System Sepolicy | cvebase