In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2023-06-01 |
History
Tue, 17 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-276 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2023-06-15T00:00:00
Updated: 2024-12-17T19:49:04.657Z
Reserved: 2022-11-03T00:00:00
Link: CVE-2023-21138
Vulnrichment
Updated: 2024-08-02T09:28:25.706Z
NVD
Status : Modified
Published: 2023-06-15T19:15:10.083
Modified: 2024-12-17T20:15:20.963
Link: CVE-2023-21138
Redhat
No data.