Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

Page 123 of 483
CVE-2023-21171 | MEDIUM | CVSS 6.7 | v13.0 | vAndroid-13 | 2023-06-28
In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261085213
nvd
CVE-2023-21202 | MEDIUM | CVSS 4.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260568359
nvd
CVE-2023-21200 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-236688764
nvd
CVE-2023-21167 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-119: In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-259942964
nvd
CVE-2023-21198 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-245517503
nvd
CVE-2023-21170 | MEDIUM | CVSS 4.4 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-252764410
nvd
CVE-2023-21207 | MEDIUM | CVSS 6.7 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262236670
nvd
CVE-2023-21178 | MEDIUM | CVSS 4.1 | v13.0 | vAndroid-13 | 2023-06-28
CWE-362: In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-140762419
nvd
CVE-2023-21211 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262235998
nvd
CVE-2023-21177 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-862: In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android
nvd
CVE-2023-21196 | MEDIUM | CVSS 4.4 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:
nvd
CVE-2023-21173 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-862: In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-26274185
nvd
CVE-2023-21169 | MEDIUM | CVSS 4.4 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-274443441
nvd
CVE-2023-21195 | MEDIUM | CVSS 4.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13
nvd
CVE-2023-21213 | MEDIUM | CVSS 4.4 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262235951
nvd
CVE-2023-21214 | MEDIUM | CVSS 4.4 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262235736
nvd
CVE-2023-21203 | MEDIUM | CVSS 6.7 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262246082
nvd
CVE-2023-21212 | MEDIUM | CVSS 4.4 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262236031
nvd
CVE-2023-21209 | MEDIUM | CVSS 6.7 | v13.0 | vAndroid-13 | 2023-06-28
CWE-502: In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262236273
nvd
CVE-2023-21168 | MEDIUM | CVSS 5.5 | v13.0 | vAndroid-13 | 2023-06-28
CWE-125: In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-253270285
nvd