CVE-2023-32871Unchecked Error Condition in Google Android

CWE-391Unchecked Error ConditionCWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 99.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google AndroidLinuxfoundation YoctoOpenwrt+1 more
Timeline
PublishedMay 6

Description

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages4 packages

NVDgoogle/android4 versions+3
NVDopenwrt/openwrt19.07.0, 21.02.0+1
NVDrdkcentral/rdk-b2022q3
NVDlinuxfoundation/yocto3.3, 4.0+1

🔴Vulnerability Details

2
CVEList
CVE-2023-32871: In DA, there is a possible permission bypass due to an incorrect status check2024-05-06
GHSA
GHSA-qgc7-3qhr-fr4g: In DA, there is a possible permission bypass due to an incorrect status check2024-05-06

📋Vendor Advisories

1
Android
CVE-2023-32871: DA2024-05-01
CVE-2023-32871 — Unchecked Error Condition in Google | cvebase