First published: Mon Jun 05 2023(Updated: )
In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | =11.0 | |
Google Android | =12.0 | |
Google Android | =12.1 | |
Google Android | =13.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-21123 is high with a CVSS score of 7.8.
CVE-2023-21123 affects Google Android versions 11.0, 12.0, 12.1, and 13.0.
An attacker can exploit CVE-2023-21123 to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing, leading to local privilege escalation.
No, user interaction is not needed for an exploit of CVE-2023-21123.
To fix CVE-2023-21123, it is recommended to apply the security patches provided by Google.