CVE-2023-21281

In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.


)]}'
{
  "commit": "badb243574d7fca9aa89152d9d25eeb4f8615385",
  "tree": "9326e3afec08486cb46575bbbde3fc6a1d92d5c6",
  "parents": [
    "0c3b7ec3377e7fb645ec366be3be96bb1a252ca1"
  ],
  "author": {
    "name": "Chandru S",
    "email": "[email protected]",
    "time": "Tue May 16 10:41:07 2023 -0700"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Thu Jun 08 20:34:29 2023 +0000"
  },
  "message": "Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used\n\nBug: 265431505\nTest: atest KeyguardViewMediatorTest\n(cherry picked from commit 625e009fc195ba5d658ca2d78ebb23d2770cc6c4)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dbdfadc24c81453c9c51e0d549b0ace924f4341e)\nMerged-In: I66a660c091c90a957a0fd1e144c013840db3f47e\nChange-Id: I66a660c091c90a957a0fd1e144c013840db3f47e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "89994b0c228d5c7ff47d233f719f81723bbe3709",
      "old_mode": 33188,
      "old_path": "packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java",
      "new_id": "5d086e833e14a5f3909946425b4fb80baf24efa8",
      "new_mode": 33188,
      "new_path": "packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java"
    }
  ]
}

Related news

CVE-2023-5801: November

Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2023-39408: September

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-21267: Android Security Bulletin—August 2023

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
