Multiple vulnerabilities in Google Android



Published: 2023-04-04 | Updated: 2024-01-15
Risk High
Patch available YES
Number of vulnerabilities 62
CVE-ID CVE-2022-40503
CVE-2022-33231
CVE-2022-33288
CVE-2022-33289
CVE-2022-33302
CVE-2022-33269
CVE-2022-33270
CVE-2022-40532
CVE-2023-21630
CVE-2022-4696
CVE-2021-0874
CVE-2023-20941
CVE-2022-33917
CVE-2022-36449
CVE-2022-38181
CVE-2022-41757
CVE-2022-42716
CVE-2021-0872
CVE-2021-0873
CVE-2021-0875
CVE-2021-0885
CVE-2021-0876
CVE-2021-0878
CVE-2021-0879
CVE-2021-0880
CVE-2021-0881
CVE-2021-0882
CVE-2021-0883
CVE-2021-0884
CVE-2022-20463
CVE-2023-21091
CVE-2023-20909
CVE-2023-21083
CVE-2023-21082
CVE-2023-21080
CVE-2023-20935
CVE-2023-21099
CVE-2023-20967
CVE-2023-20950
CVE-2023-21090
CVE-2023-21098
CVE-2023-21097
CVE-2023-21094
CVE-2023-21092
CVE-2023-21089
CVE-2023-21088
CVE-2023-21081
CVE-2023-21085
CVE-2023-21087
CVE-2023-21100
CVE-2023-21086
CVE-2023-21093
CVE-2023-21084
CVE-2023-21096
CVE-2022-20471
CVE-2022-32599
CVE-2023-20652
CVE-2023-20653
CVE-2023-20654
CVE-2023-20655
CVE-2023-20656
CVE-2023-20657
CWE-ID CWE-126
CWE-415
CWE-120
CWE-129
CWE-190
CWE-367
CWE-191
CWE-416
CWE-20
CWE-119
CWE-200
CWE-787
CWE-123
Exploitation vector Network
Public exploit Vulnerability #15 is being exploited in the wild.
Vulnerable software
Subscribe
Google Android
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains information about 62 vulnerabilities.

1) Buffer over-read

EUVDB-ID: #VU74331

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40503

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Bluetooth Host.. A remote attacker can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double Free

EUVDB-ID: #VU74305

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33231

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU74307

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33288

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Validation of Array Index

EUVDB-ID: #VU74308

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33289

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Modem. A local attacker can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Validation of Array Index

EUVDB-ID: #VU74309

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33302

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in User Identity Module. A local attacker can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU74320

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33269

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU74321

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33270

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU74327

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40532

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer underflow

EUVDB-ID: #VU74332

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21630

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Multimedia Framework. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU71481

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in io_uring and the IORING_OP_SPLICE operation. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU74396

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0874

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU74380

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code with elevated privileges.

The vulnerability exists due to a boundary error in drivers/usb/gadget/function/f_accessory.c. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU74382

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33917

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code with escalated privileges.

The vulnerability exists due to a use-after-free error when processing GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU74383

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36449

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU74191

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-38181

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, this vulnerability is known to be exploited in targeted attacks spotted in November 2022.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

16) Use-after-free

EUVDB-ID: #VU74385

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41757

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU74386

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42716

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU74394

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0872

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU74395

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0873

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU74397

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU74406

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0885

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU74398

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0876

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU74399

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0878

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU74400

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0879

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU74401

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU74402

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU74403

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0882

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU74404

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU74405

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0884

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 11 - 13 2023-04-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU69044

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20463

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU74377

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information exposure

EUVDB-ID: #VU74372

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20909

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Information exposure

EUVDB-ID: #VU74376

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21083

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Information exposure

EUVDB-ID: #VU74375

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21082

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Information exposure

EUVDB-ID: #VU74374

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21080

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Information exposure

EUVDB-ID: #VU74373

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20935

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU74370

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21099

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU74366

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU74363

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20950

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU74362

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21090

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU74360

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU74359

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU74358

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU74357

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21092

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU74356

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU74355

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21088

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU74354

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21081

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU74364

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21085

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU74361

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21087

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU74371

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21100

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU74368

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21086

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU74369

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21093

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the MediaProvider component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper input validation

EUVDB-ID: #VU74367

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21084

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper input validation

EUVDB-ID: #VU74365

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Information disclosure

EUVDB-ID: #VU70005

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20471

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds write

EUVDB-ID: #VU74507

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32599

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a logic error within rpmb. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper input validation

EUVDB-ID: #VU74508

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20652

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper input validation

EUVDB-ID: #VU74509

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20653

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper input validation

EUVDB-ID: #VU74510

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20654

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper input validation

EUVDB-ID: #VU74511

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20655

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a parcel format mismatch within mmsdk. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Write-what-where Condition

EUVDB-ID: #VU74512

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20656

CWE-ID: CWE-123 - Write-what-where Condition

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a logic error within geniezone. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds write

EUVDB-ID: #VU74513

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20657

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within mtee. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 13 2023-04-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-04-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###