In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090
History

Tue, 17 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2023-06-15T00:00:00

Updated: 2024-12-17T19:49:04.657Z

Reserved: 2022-11-03T00:00:00

Link: CVE-2023-21138

cve-icon Vulnrichment

Updated: 2024-08-02T09:28:25.706Z

cve-icon NVD

Status : Modified

Published: 2023-06-15T19:15:10.083

Modified: 2024-12-17T20:15:20.963

Link: CVE-2023-21138

cve-icon Redhat

No data.