Headline
CVE-2023-21237: Pixel Update Bulletin—June 2023
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912
Published June 13, 2023
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-06-05 or later address all issues in this bulletin and all issues in the June 2023 Android Security Bulletin. To learn how to check a device’s security patch level, see Check and update your Android version.
All supported Google devices will receive an update to the 2023-06-05 patch level. We encourage all customers to accept these updates to their devices.
Announcements
- In addition to the security vulnerabilities described in the June 2023 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.
Security patches
Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Framework
CVE
References
Type
Severity
Updated AOSP versions
CVE-2023-20971
A-225880325
EoP
Moderate
13
CVE-2023-21171
A-261085213
EoP
Moderate
13
CVE-2023-21189
A-213942596
EoP
Moderate
13
CVE-2023-21192
A-227207653
EoP
Moderate
13
CVE-2023-21168
A-253270285
ID
Moderate
13
CVE-2023-21177
A-273906410
ID
Moderate
13
CVE-2023-21178
A-140762419
ID
Moderate
13
CVE-2023-21193
A-233006499
ID
Moderate
13
CVE-2023-21237
A-251586912
ID
Moderate
13
CVE-2023-21167
A-259942964
DoS
Moderate
13
System
CVE
References
Type
Severity
Updated AOSP versions
CVE-2023-20975
A-250573776
EoP
Moderate
13
CVE-2023-20976
A-216117246
EoP
Moderate
13
CVE-2023-20985
A-245915315
EoP
Moderate
13
CVE-2023-21172
A-262243015
EoP
Moderate
13
CVE-2023-21174
A-235822222
EoP
Moderate
13
CVE-2023-21175
A-262243574
EoP
Moderate
13
CVE-2023-21179
A-272755865
EoP
Moderate
13
CVE-2023-21183
A-235863754
EoP
Moderate
13
CVE-2023-21184
A-267809568
EoP
Moderate
13
CVE-2023-21185
A-266700762
EoP
Moderate
13
CVE-2023-21187
A-246542917
EoP
Moderate
13
CVE-2023-21191
A-269738057
EoP
Moderate
13
CVE-2023-21203
A-262246082
EoP
Moderate
13
CVE-2023-21207
A-262236670
EoP
Moderate
13
CVE-2023-21209
A-262236273
EoP
Moderate
13
CVE-2023-20968
A-262235935
ID
Moderate
13
CVE-2023-20972
A-255304665
ID
Moderate
13
CVE-2023-20973
A-260568245
ID
Moderate
13
CVE-2023-20974
A-260078907
ID
Moderate
13
CVE-2023-20977
A-254445952
ID
Moderate
13
CVE-2023-20979
A-259939364
ID
Moderate
13
CVE-2023-20980
A-260230274
ID
Moderate
13
CVE-2023-20981
A-256165737
ID
Moderate
13
CVE-2023-20982
A-260568083
ID
Moderate
13
CVE-2023-20983
A-260569449
ID
Moderate
13
CVE-2023-20984
A-242993878
ID
Moderate
13
CVE-2023-20986
A-255304475
ID
Moderate
13
CVE-2023-20987
A-260569414
ID
Moderate
13
CVE-2023-20988
A-260569232
ID
Moderate
13
CVE-2023-20989
A-260568367
ID
Moderate
13
CVE-2023-20990
A-260568354
ID
Moderate
13
CVE-2023-20991
A-255305114
ID
Moderate
13
CVE-2023-20992
A-260568750
ID
Moderate
13
CVE-2023-21027
A-216854451
ID
Moderate
13
CVE-2023-21031
A-242688355
ID
Moderate
13
CVE-2023-21169
A-274443441
ID
Moderate
13
CVE-2023-21170
A-252764410
ID
Moderate
13
CVE-2023-21173
A-262741858
ID
Moderate
13
CVE-2023-21180
A-261365944
ID
Moderate
13
CVE-2023-21181
A-264880969
ID
Moderate
13
CVE-2023-21182
A-252764175
ID
Moderate
13
CVE-2023-21188
A-264624283
ID
Moderate
13
CVE-2023-21190
A-251436534
ID
Moderate
13
CVE-2023-21194
A-260079141
ID
Moderate
13
CVE-2023-21195
A-233879420
ID
Moderate
13
CVE-2023-21196
A-261857395
ID
Moderate
13
CVE-2023-21197
A-251427561
ID
Moderate
13
CVE-2023-21198
A-245517503
ID
Moderate
13
CVE-2023-21199
A-254445961
ID
Moderate
13
CVE-2023-21200
A-236688764
ID
Moderate
13
CVE-2023-21202
A-260568359
ID
Moderate
13
CVE-2023-21204
A-262246231
ID
Moderate
13
CVE-2023-21205
A-262245376
ID
Moderate
13
CVE-2023-21206
A-262245630
ID
Moderate
13
CVE-2023-21208
A-262245254
ID
Moderate
13
CVE-2023-21210
A-262236331
ID
Moderate
13
CVE-2023-21211
A-262235998
ID
Moderate
13
CVE-2023-21212
A-262236031
ID
Moderate
13
CVE-2023-21213
A-262235951
ID
Moderate
13
CVE-2023-21214
A-262235736
ID
Moderate
13
CVE-2023-21176
A-222287335
DoS
Moderate
13
CVE-2023-21186
A-261079188
DoS
Moderate
13
CVE-2023-21201
A-263545186
DoS
Moderate
13
Pixel
CVE
References
Type
Severity
Subcomponent
CVE-2023-21066
A-250100597 *
RCE
Critical
exynos-slsi
CVE-2023-21225
A-270403821 *
EoP
High
Protected Confirmation
CVE-2022-39901
A-263783333 *
ID
High
Lassen Baseband
CVE-2023-21219
A-264698379 *
ID
High
TBD
CVE-2023-21220
A-264590585 *
ID
High
TBD
CVE-2023-21226
A-240728187 *
ID
High
modem
CVE-2023-21146
A-239867994 *
EoP
Moderate
LWIS
CVE-2023-21147
A-269661912 *
EoP
Moderate
Pixel camera driver
CVE-2023-21149
A-270050709 *
EoP
Moderate
ShannonRcs
CVE-2023-21151
A-265149414 *
EoP
Moderate
Google BMS Module
CVE-2023-21153
A-264259730 *
EoP
Moderate
rild_exynos
CVE-2023-21157
A-263783137 *
EoP
Moderate
exynos-ril
CVE-2023-21159
A-263783565 *
EoP
Moderate
exynos-ril
CVE-2023-21161
A-263783702 *
EoP
Moderate
exynos-ril
CVE-2023-21222
A-266977723 *
EoP
Moderate
libdmc
CVE-2023-21236
A-270148537 *
EoP
Moderate
aoc_core device driver
CVE-2023-21148
A-263783657 *
ID
Moderate
exynos RIL
CVE-2023-21150
A-267312009 *
ID
Moderate
audio service
CVE-2023-21152
A-269174022 *
ID
Moderate
android.hardware.camera.provider
CVE-2023-21154
A-263783910 *
ID
Moderate
rild_exynos
CVE-2023-21155
A-264540700 *
ID
Moderate
libsitril
CVE-2023-21156
A-264540759 *
ID
Moderate
rild_exynos
CVE-2023-21158
A-263783635 *
ID
Moderate
exynos-ril
CVE-2023-21160
A-263784118 *
ID
Moderate
exynos-ril
CVE-2023-21223
A-256047000 *
ID
Moderate
Exynos SLSI
CVE-2023-21224
A-265276966 *
ID
Moderate
exynos-slsi
Qualcomm components
CVE
References
Severity
Subcomponent
CVE-2022-33303
A-261492548
QC-CR#3181878 [2] [3] [4] [5] [6] [7] [8] [9]
Moderate
Kernel
Qualcomm closed-source components
CVE
References
Severity
Subcomponent
CVE-2022-33224
A-261492743 *
Moderate
Closed-source component
CVE-2022-33226
A-261492388 *
Moderate
Closed-source component
CVE-2022-33227
A-261492566 *
Moderate
Closed-source component
CVE-2022-33230
A-261492641 *
Moderate
Closed-source component
CVE-2022-33240
A-261492550 *
Moderate
Closed-source component
CVE-2022-33263
A-261492485 *
Moderate
Closed-source component
CVE-2022-33267
A-238893635 *
Moderate
Closed-source component
Functional patches
For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
Security patch levels of 2023-06-05 or later address all issues associated with the 2023-06-05 security patch level and all previous patch levels. To learn how to check a device’s security patch level, read the instructions on the Google device update schedule.
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
Abbreviation
Definition
RCE
Remote code execution
EoP
Elevation of privilege
ID
Information disclosure
DoS
Denial of service
N/A
Classification not available
3. What do the entries in the References column mean?
Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
Prefix
Reference
A-
Android bug ID
QC-
Qualcomm reference number
M-
MediaTek reference number
N-
NVIDIA reference number
B-
Broadcom reference number
U-
UNISOC reference number
4. What does an * next to the Android bug ID in the References column mean?
Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?
Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.
Versions
Version
Date
Notes
1.0
June 13, 2023
Bulletin Published
Related news
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A