CVE-2023-21266

In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:42

Type Values Removed Values Added
References () https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0 - () https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0 -
References () https://source.android.com/security/bulletin/2024-06-01 - () https://source.android.com/security/bulletin/2024-06-01 -

09 Jul 2024, 21:15

Type Values Removed Values Added
References
  • {'url': 'https://android.googlesource.com/platform/frameworks/base/+/5b7edbf2ba076b04000eb5d27101927eeb609c26', 'tags': ['Mailing List', 'Patch'], 'source': 'security@android.com'}
  • {'url': 'https://source.android.com/security/bulletin/2023-10-01', 'tags': ['Patch', 'Vendor Advisory'], 'source': 'security@android.com'}
  • () https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0 -
  • () https://source.android.com/security/bulletin/2024-06-01 -
Summary (en) In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (en) In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Information

Published : 2023-10-06 19:15

Updated : 2025-05-05 15:15


NVD link : CVE-2023-21266

Mitre link : CVE-2023-21266

CVE.ORG link : CVE-2023-21266


JSON object : View

Products Affected

google

  • android