Multiple vulnerabilities in Google Android
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 51 |
| CVE-ID | CVE-2023-33028 CVE-2023-33027 CVE-2023-33026 CVE-2023-24853 CVE-2023-24850 CVE-2023-24849 CVE-2023-24848 CVE-2023-24847 CVE-2023-24844 CVE-2023-24843 CVE-2023-22385 CVE-2023-21673 CVE-2023-28540 CVE-2021-44828 CVE-2023-24855 CVE-2023-33035 CVE-2023-33034 CVE-2023-33029 CVE-2023-40638 CVE-2023-32820 CVE-2023-32819 CVE-2023-20819 CVE-2023-34970 CVE-2023-33200 CVE-2023-4211 CVE-2022-28348 CVE-2023-21253 CVE-2023-40135 CVE-2023-40125 CVE-2023-40117 CVE-2023-40129 CVE-2023-40139 CVE-2023-40138 CVE-2023-40137 CVE-2023-40136 CVE-2023-40134 CVE-2023-40121 CVE-2023-21291 CVE-2023-40140 CVE-2023-21252 CVE-2023-21244 CVE-2023-40130 CVE-2023-40133 CVE-2023-40123 CVE-2023-40127 CVE-2023-40128 CVE-2023-40120 CVE-2023-40116 CVE-2023-21266 CVE-2023-40131 CVE-2023-5129 CVE-2023-4863 |
| CWE-ID | CWE-121 CWE-126 CWE-119 CWE-129 CWE-476 CWE-284 CWE-617 CWE-287 CWE-823 CWE-120 CWE-195 CWE-416 CWE-862 CWE-400 CWE-200 CWE-787 CWE-362 CWE-20 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #25 is being exploited in the wild. Vulnerability #51 is being exploited in the wild. |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 51 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU81361
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33028
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3 External linkshttp://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer over-read
EUVDB-ID: #VU81373
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33027
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer over-read
EUVDB-ID: #VU81372
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33026
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU81371
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24853
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Validation of Array Index
EUVDB-ID: #VU81370
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24850
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer over-read
EUVDB-ID: #VU81369
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24849
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Data Modem. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer over-read
EUVDB-ID: #VU81368
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24848
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Data Modem. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL Pointer Dereference
EUVDB-ID: #VU81367
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24847
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Access Control
EUVDB-ID: #VU81366
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24844
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Reachable Assertion
EUVDB-ID: #VU81365
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24843
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer over-read
EUVDB-ID: #VU81364
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22385
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Data Modem. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Access Control
EUVDB-ID: #VU81362
Risk: Low
CVSSv3.1: 7.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21673
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to improper input validation in Kernel. A local application can escalate privileges on the device.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper Authentication
EUVDB-ID: #VU81360
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28540
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Data Modem. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU81405
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44828
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU81359
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24855
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Modem. A remote attacker can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU81378
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33035
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Signed to Unsigned Conversion Error
EUVDB-ID: #VU81377
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33034
CWE-ID:
CWE-195 - Signed to Unsigned Conversion Error
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use After Free
EUVDB-ID: #VU81376
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33029
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Missing Authorization
EUVDB-ID: #VU81330
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40638
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible missing permission check within the Telecom service in Android. A local application can crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource exhaustion
EUVDB-ID: #VU81349
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32820
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper input handling within wlan firmware. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information exposure
EUVDB-ID: #VU81348
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32819
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within display. A local privileged application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds write
EUVDB-ID: #VU81347
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20819
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within CDMA PPP protocol. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Race condition
EUVDB-ID: #VU81407
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34970
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local user can exploit the race to trigger a use-after-free and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU81406
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33200
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU79503
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-4211
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within Mali GPU Kernel Driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
26) Use-after-free
EUVDB-ID: #VU76983
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28348
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the device.
The vulnerability exists due to a use-after-free error. A malicious application can trigger a use-after-free error and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-05, 12 2023-10-05, 12L 2023-10-05, 13 2023-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU81404
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21253
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529
http://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e
http://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Information exposure
EUVDB-ID: #VU81402
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40135
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU81396
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40125
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU81395
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40117
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb
http://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper input validation
EUVDB-ID: #VU81393
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Information exposure
EUVDB-ID: #VU81392
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40139
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Information exposure
EUVDB-ID: #VU81391
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40138
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Information exposure
EUVDB-ID: #VU81390
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40137
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Information exposure
EUVDB-ID: #VU81389
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40136
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Information exposure
EUVDB-ID: #VU81388
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40134
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Information exposure
EUVDB-ID: #VU81387
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40121
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Information exposure
EUVDB-ID: #VU81386
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21291
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper input validation
EUVDB-ID: #VU81385
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper input validation
EUVDB-ID: #VU81403
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21252
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8
http://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper input validation
EUVDB-ID: #VU81394
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3
http://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef
http://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper input validation
EUVDB-ID: #VU81398
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Information exposure
EUVDB-ID: #VU81401
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40133
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Information exposure
EUVDB-ID: #VU81399
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40123
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Information exposure
EUVDB-ID: #VU81400
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40127
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper input validation
EUVDB-ID: #VU81397
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40128
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper input validation
EUVDB-ID: #VU81383
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper input validation
EUVDB-ID: #VU81382
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40116
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8
http://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper input validation
EUVDB-ID: #VU81381
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21266
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-01, 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/base/+/5b7edbf2ba076b04000eb5d27101927eeb609c26
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper input validation
EUVDB-ID: #VU81384
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-10-01, 12L 2023-10-01, 13 2023-10-01
CPE2.3http://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116
http://source.android.com/docs/security/bulletin/2023-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Heap-based buffer overflow
EUVDB-ID: #VU80637
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-5129,CVE-2023-4863
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-10-06, 12 2023-10-06, 12L 2023-10-06, 13 2023-10-06
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
