Google Android vulnerabilities

CVE-2023-21301 [MEDIUM] CWE-203 CVE-2023-21301: In ActivityManagerService, there is a possible way to determine whether an app is installed, without In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21380 [MEDIUM] CWE-787 CVE-2023-21380: In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21316 [MEDIUM] CWE-203 CVE-2023-21316: In Content, there is a possible way to determine whether an app is installed, without query permissi In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21352 [MEDIUM] CWE-125 CVE-2023-21352: In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to loc In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21305 [MEDIUM] CWE-203 CVE-2023-21305: In Content, there is a possible way to determine whether an app is installed, without query permissi In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21332 [MEDIUM] CWE-203 CVE-2023-21332: In Text Services, there is a possible way to determine whether an app is installed, without query pe In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21297 [MEDIUM] CWE-287 CVE-2023-21297: In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21310 [MEDIUM] CWE-787 CVE-2023-21310: In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21366 [MEDIUM] CVE-2023-21366: In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecur In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21360 [MEDIUM] CWE-787 CVE-2023-21360: In Bluetooth, there is a possible out of bounds write due to improper input validation. This could l In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21302 [MEDIUM] CWE-203 CVE-2023-21302: In Package Manager, there is a possible way to determine whether an app is installed, without query In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21304 [MEDIUM] CWE-203 CVE-2023-21304: In Content Service, there is a possible way to determine whether an app is installed, without query In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21334 [MEDIUM] CVE-2023-21334: In App Ops Service, there is a possible disclosure of information about installed packages due to a In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21350 [MEDIUM] CWE-203 CVE-2023-21350: In Media Projection, there is a possible way to determine whether an app is installed, without query In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21357 [MEDIUM] CWE-125 CVE-2023-21357: In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to loc In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21369 [MEDIUM] CVE-2023-21369: In Usage Access, there is a possible way to display a Settings usage access restriction toggle scree In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-40101 [MEDIUM] CWE-125 CVE-2023-40101: In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds che In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21306 [MEDIUM] CWE-203 CVE-2023-21306: In ContentService, there is a possible way to read installed sync content providers due to side chan In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21365 [MEDIUM] CVE-2023-21365: In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local den In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21382 [MEDIUM] CWE-862 CVE-2023-21382: In Content Resolver, there is a possible method to access metadata about existing content providers In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.