Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

Page 144 of 483
CVE-2023-21029 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-862: In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-217934898
nvd
CVE-2023-20979 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-259939364
nvd
CVE-2023-20981 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256165737
nvd
CVE-2023-21033 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-400: In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244713323
nvd
CVE-2023-21012 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-257029812
nvd
CVE-2023-20977 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:
nvd
CVE-2023-20969 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262236313
nvd
CVE-2023-20926 | MEDIUM | CVSS 6.8 | v12.0, v12.1, +2 more | 2023-03-24
CWE-862: In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitati
nvd, android
CVE-2023-20997 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-835: In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246749702
nvd
CVE-2023-20984 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-242993878
nvd
CVE-2023-20972 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-119: In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-255304665
nvd
CVE-2023-20991 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-255305114
nvd
CVE-2023-20994 | MEDIUM | CVSS 6.7 | v13.0, vAndroid-13 | 2023-03-24
CWE-787: In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-259062118
nvd
CVE-2023-20952 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-03-24
CWE-787: In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-18680351
nvd, android
CVE-2023-21013 | MEDIUM | CVSS 4.4 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In forceStaDisconnection of hostapd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256818945
nvd
CVE-2023-20974 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260078907
nvd
CVE-2023-20988 | MEDIUM | CVSS 4.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260569232
nvd
CVE-2023-21016 | MEDIUM | CVSS 5.5 | v13.0, vAndroid-13 | 2023-03-24
In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:
nvd
CVE-2023-20987 | MEDIUM | CVSS 4.5 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260569414
nvd
CVE-2023-21031 | MEDIUM | CVSS 4.7 | v13.0, vAndroid-13 | 2023-03-24
CWE-125: In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-242688355
nvd