From 57c2491ed57afeba82e2c59c9760a3bf37a010d8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 28 Jun 2023 18:00:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/20xxx/CVE-2022-20443.json | 50 ++++++++++++++++++++++++++++++++-- 2023/20xxx/CVE-2023-20968.json | 6 ++-- 2023/20xxx/CVE-2023-20971.json | 6 ++-- 2023/20xxx/CVE-2023-20972.json | 4 +-- 2023/20xxx/CVE-2023-20973.json | 4 +-- 2023/20xxx/CVE-2023-20974.json | 4 +-- 2023/20xxx/CVE-2023-20975.json | 4 +-- 2023/20xxx/CVE-2023-20976.json | 4 +-- 2023/20xxx/CVE-2023-20977.json | 4 +-- 2023/20xxx/CVE-2023-20979.json | 6 ++-- 2023/20xxx/CVE-2023-20980.json | 4 +-- 2023/20xxx/CVE-2023-20981.json | 4 +-- 2023/20xxx/CVE-2023-20982.json | 4 +-- 2023/20xxx/CVE-2023-20983.json | 6 ++-- 2023/20xxx/CVE-2023-20984.json | 4 +-- 2023/20xxx/CVE-2023-20985.json | 4 +-- 2023/20xxx/CVE-2023-20986.json | 6 ++-- 2023/20xxx/CVE-2023-20987.json | 4 +-- 2023/20xxx/CVE-2023-20988.json | 4 +-- 2023/20xxx/CVE-2023-20989.json | 4 +-- 2023/20xxx/CVE-2023-20990.json | 6 ++-- 2023/20xxx/CVE-2023-20991.json | 6 ++-- 2023/20xxx/CVE-2023-20992.json | 4 +-- 2023/21xxx/CVE-2023-21027.json | 6 ++-- 2023/21xxx/CVE-2023-21031.json | 6 ++-- 2023/21xxx/CVE-2023-21066.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21146.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21147.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21148.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21149.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21150.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21151.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21152.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21153.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21154.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21155.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21156.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21157.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21158.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21159.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21160.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21161.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21167.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21168.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21169.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21170.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21171.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21172.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21173.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21174.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21175.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21176.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21177.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21178.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21179.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21180.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21181.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21182.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21183.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21184.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21185.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21186.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21187.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21188.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21189.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21190.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21191.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21192.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21193.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21194.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21195.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21196.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21197.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21198.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21199.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21200.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21201.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21202.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21203.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21204.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21205.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21206.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21207.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21208.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21209.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21210.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21211.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21212.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21213.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21214.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21219.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21220.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21222.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21223.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21224.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21225.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21226.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21236.json | 50 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21237.json | 50 ++++++++++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3449.json | 18 ++++++++++++ 100 files changed, 3600 insertions(+), 282 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3449.json diff --git a/2022/20xxx/CVE-2022-20443.json b/2022/20xxx/CVE-2022-20443.json index c08f3ec2ba1..432aa487b50 100644 --- a/2022/20xxx/CVE-2022-20443.json +++ b/2022/20xxx/CVE-2022-20443.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/android-13", + "url": "https://source.android.com/security/bulletin/android-13" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194480991" } ] } diff --git a/2023/20xxx/CVE-2023-20968.json b/2023/20xxx/CVE-2023-20968.json index eb3e85caf1d..b150543261f 100644 --- a/2023/20xxx/CVE-2023-20968.json +++ b/2023/20xxx/CVE-2023-20968.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235935" + "value": "In multiple functions of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235935" } ] } diff --git a/2023/20xxx/CVE-2023-20971.json b/2023/20xxx/CVE-2023-20971.json index 210725e85be..68c1cda16e4 100644 --- a/2023/20xxx/CVE-2023-20971.json +++ b/2023/20xxx/CVE-2023-20971.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permission without the user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225880325" + "value": "In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225880325" } ] } diff --git a/2023/20xxx/CVE-2023-20972.json b/2023/20xxx/CVE-2023-20972.json index 057f6753af4..10bf56769bf 100644 --- a/2023/20xxx/CVE-2023-20972.json +++ b/2023/20xxx/CVE-2023-20972.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20973.json b/2023/20xxx/CVE-2023-20973.json index 35841ffd0a7..cb303f253fa 100644 --- a/2023/20xxx/CVE-2023-20973.json +++ b/2023/20xxx/CVE-2023-20973.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20974.json b/2023/20xxx/CVE-2023-20974.json index 14abda8c562..3bed004c3ec 100644 --- a/2023/20xxx/CVE-2023-20974.json +++ b/2023/20xxx/CVE-2023-20974.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20975.json b/2023/20xxx/CVE-2023-20975.json index 1ace4e2802c..7d763ce712d 100644 --- a/2023/20xxx/CVE-2023-20975.json +++ b/2023/20xxx/CVE-2023-20975.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20976.json b/2023/20xxx/CVE-2023-20976.json index 66da800bd5a..b3d7a5a3c04 100644 --- a/2023/20xxx/CVE-2023-20976.json +++ b/2023/20xxx/CVE-2023-20976.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20977.json b/2023/20xxx/CVE-2023-20977.json index 230688adb16..38be40d4e9e 100644 --- a/2023/20xxx/CVE-2023-20977.json +++ b/2023/20xxx/CVE-2023-20977.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20979.json b/2023/20xxx/CVE-2023-20979.json index 04596bf063b..8bbef29492a 100644 --- a/2023/20xxx/CVE-2023-20979.json +++ b/2023/20xxx/CVE-2023-20979.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364" + "value": "In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364" } ] } diff --git a/2023/20xxx/CVE-2023-20980.json b/2023/20xxx/CVE-2023-20980.json index 637c9fcb00a..1d630c5fa91 100644 --- a/2023/20xxx/CVE-2023-20980.json +++ b/2023/20xxx/CVE-2023-20980.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20981.json b/2023/20xxx/CVE-2023-20981.json index ab25f35d834..a10da011e0b 100644 --- a/2023/20xxx/CVE-2023-20981.json +++ b/2023/20xxx/CVE-2023-20981.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20982.json b/2023/20xxx/CVE-2023-20982.json index 0fae76a70e0..96b4d38af11 100644 --- a/2023/20xxx/CVE-2023-20982.json +++ b/2023/20xxx/CVE-2023-20982.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20983.json b/2023/20xxx/CVE-2023-20983.json index 95cdbd2f926..002b97a32c4 100644 --- a/2023/20xxx/CVE-2023-20983.json +++ b/2023/20xxx/CVE-2023-20983.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449" + "value": "In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449" } ] } diff --git a/2023/20xxx/CVE-2023-20984.json b/2023/20xxx/CVE-2023-20984.json index 0d213c88531..a80ad4c4752 100644 --- a/2023/20xxx/CVE-2023-20984.json +++ b/2023/20xxx/CVE-2023-20984.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20985.json b/2023/20xxx/CVE-2023-20985.json index d4bd3ace9cd..0b03858e015 100644 --- a/2023/20xxx/CVE-2023-20985.json +++ b/2023/20xxx/CVE-2023-20985.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20986.json b/2023/20xxx/CVE-2023-20986.json index c52f9f7326a..e5356c04734 100644 --- a/2023/20xxx/CVE-2023-20986.json +++ b/2023/20xxx/CVE-2023-20986.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475" + "value": "In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475" } ] } diff --git a/2023/20xxx/CVE-2023-20987.json b/2023/20xxx/CVE-2023-20987.json index 76d4c970c0a..f9bbf337d1e 100644 --- a/2023/20xxx/CVE-2023-20987.json +++ b/2023/20xxx/CVE-2023-20987.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20988.json b/2023/20xxx/CVE-2023-20988.json index 3134ab2c5c1..74771e578a8 100644 --- a/2023/20xxx/CVE-2023-20988.json +++ b/2023/20xxx/CVE-2023-20988.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20989.json b/2023/20xxx/CVE-2023-20989.json index c64dc0b8332..3d4c12dccc1 100644 --- a/2023/20xxx/CVE-2023-20989.json +++ b/2023/20xxx/CVE-2023-20989.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/20xxx/CVE-2023-20990.json b/2023/20xxx/CVE-2023-20990.json index 35eb766d399..f0199182f33 100644 --- a/2023/20xxx/CVE-2023-20990.json +++ b/2023/20xxx/CVE-2023-20990.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In btm_read_local_oob_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568354" + "value": "In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568354" } ] } diff --git a/2023/20xxx/CVE-2023-20991.json b/2023/20xxx/CVE-2023-20991.json index 0aeba3ab113..df9d25784d5 100644 --- a/2023/20xxx/CVE-2023-20991.json +++ b/2023/20xxx/CVE-2023-20991.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255305114" + "value": "In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255305114" } ] } diff --git a/2023/20xxx/CVE-2023-20992.json b/2023/20xxx/CVE-2023-20992.json index b301d28c9e0..41d73f24783 100644 --- a/2023/20xxx/CVE-2023-20992.json +++ b/2023/20xxx/CVE-2023-20992.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, diff --git a/2023/21xxx/CVE-2023-21027.json b/2023/21xxx/CVE-2023-21027.json index 21eafe2bdba..4a0d0776aaa 100644 --- a/2023/21xxx/CVE-2023-21027.json +++ b/2023/21xxx/CVE-2023-21027.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In serializePasspointConfiguration of PasspointXmlUtils.java, there is a possible logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451" + "value": "In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451" } ] } diff --git a/2023/21xxx/CVE-2023-21031.json b/2023/21xxx/CVE-2023-21031.json index d13f4726382..12f6d3763b5 100644 --- a/2023/21xxx/CVE-2023-21031.json +++ b/2023/21xxx/CVE-2023-21031.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355" + "value": "In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355" } ] } diff --git a/2023/21xxx/CVE-2023-21066.json b/2023/21xxx/CVE-2023-21066.json index 647d908c776..f1a5d9397c7 100644 --- a/2023/21xxx/CVE-2023-21066.json +++ b/2023/21xxx/CVE-2023-21066.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250100597References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21146.json b/2023/21xxx/CVE-2023-21146.json index becc1c938fd..8441fc2e913 100644 --- a/2023/21xxx/CVE-2023-21146.json +++ b/2023/21xxx/CVE-2023-21146.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239867994References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21147.json b/2023/21xxx/CVE-2023-21147.json index 690842c3de0..bc34c296c2c 100644 --- a/2023/21xxx/CVE-2023-21147.json +++ b/2023/21xxx/CVE-2023-21147.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21147", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269661912References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21148.json b/2023/21xxx/CVE-2023-21148.json index a07d2769ad0..2698a0846a2 100644 --- a/2023/21xxx/CVE-2023-21148.json +++ b/2023/21xxx/CVE-2023-21148.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21148", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783657References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21149.json b/2023/21xxx/CVE-2023-21149.json index 1c8a56924bf..76818106e43 100644 --- a/2023/21xxx/CVE-2023-21149.json +++ b/2023/21xxx/CVE-2023-21149.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270050709References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21150.json b/2023/21xxx/CVE-2023-21150.json index 34ad4258856..9db2d518c81 100644 --- a/2023/21xxx/CVE-2023-21150.json +++ b/2023/21xxx/CVE-2023-21150.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-267312009References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21151.json b/2023/21xxx/CVE-2023-21151.json index 6f50f638da4..44509b3cb8d 100644 --- a/2023/21xxx/CVE-2023-21151.json +++ b/2023/21xxx/CVE-2023-21151.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265149414References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21152.json b/2023/21xxx/CVE-2023-21152.json index 2f3697bd30d..6fe729e56d1 100644 --- a/2023/21xxx/CVE-2023-21152.json +++ b/2023/21xxx/CVE-2023-21152.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269174022References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21153.json b/2023/21xxx/CVE-2023-21153.json index ebb7ebbf35e..116d30984b9 100644 --- a/2023/21xxx/CVE-2023-21153.json +++ b/2023/21xxx/CVE-2023-21153.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264259730References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21154.json b/2023/21xxx/CVE-2023-21154.json index 01b1efd0870..df5f90f5991 100644 --- a/2023/21xxx/CVE-2023-21154.json +++ b/2023/21xxx/CVE-2023-21154.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783910References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21155.json b/2023/21xxx/CVE-2023-21155.json index 5d8a12d3e04..5bae6626b26 100644 --- a/2023/21xxx/CVE-2023-21155.json +++ b/2023/21xxx/CVE-2023-21155.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264540700References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21156.json b/2023/21xxx/CVE-2023-21156.json index 4b63d9b3e9c..2d9339a5172 100644 --- a/2023/21xxx/CVE-2023-21156.json +++ b/2023/21xxx/CVE-2023-21156.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the modem with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264540759References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21157.json b/2023/21xxx/CVE-2023-21157.json index c68e0c5e62a..9bca6da8fc6 100644 --- a/2023/21xxx/CVE-2023-21157.json +++ b/2023/21xxx/CVE-2023-21157.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In encode of wlandata.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783137References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21158.json b/2023/21xxx/CVE-2023-21158.json index 2f793a0b8b3..30507f936bc 100644 --- a/2023/21xxx/CVE-2023-21158.json +++ b/2023/21xxx/CVE-2023-21158.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783635References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21159.json b/2023/21xxx/CVE-2023-21159.json index 8bb613a82d5..207c3287528 100644 --- a/2023/21xxx/CVE-2023-21159.json +++ b/2023/21xxx/CVE-2023-21159.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783565References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21160.json b/2023/21xxx/CVE-2023-21160.json index 083895e6b80..7ceeca1d8dd 100644 --- a/2023/21xxx/CVE-2023-21160.json +++ b/2023/21xxx/CVE-2023-21160.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263784118References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21161.json b/2023/21xxx/CVE-2023-21161.json index 688999a381f..70b80da0827 100644 --- a/2023/21xxx/CVE-2023-21161.json +++ b/2023/21xxx/CVE-2023-21161.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783702References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21167.json b/2023/21xxx/CVE-2023-21167.json index eb845f40799..0b6e9b1a961 100644 --- a/2023/21xxx/CVE-2023-21167.json +++ b/2023/21xxx/CVE-2023-21167.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21167", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259942964" } ] } diff --git a/2023/21xxx/CVE-2023-21168.json b/2023/21xxx/CVE-2023-21168.json index 0da484ba71a..f3aed299178 100644 --- a/2023/21xxx/CVE-2023-21168.json +++ b/2023/21xxx/CVE-2023-21168.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21168", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-253270285" } ] } diff --git a/2023/21xxx/CVE-2023-21169.json b/2023/21xxx/CVE-2023-21169.json index 61953b68608..e77b89eb5bc 100644 --- a/2023/21xxx/CVE-2023-21169.json +++ b/2023/21xxx/CVE-2023-21169.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21169", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-274443441" } ] } diff --git a/2023/21xxx/CVE-2023-21170.json b/2023/21xxx/CVE-2023-21170.json index 62757d7d801..b1b2617e631 100644 --- a/2023/21xxx/CVE-2023-21170.json +++ b/2023/21xxx/CVE-2023-21170.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764410" } ] } diff --git a/2023/21xxx/CVE-2023-21171.json b/2023/21xxx/CVE-2023-21171.json index 7009a75fa51..7aa55d5c52e 100644 --- a/2023/21xxx/CVE-2023-21171.json +++ b/2023/21xxx/CVE-2023-21171.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213" } ] } diff --git a/2023/21xxx/CVE-2023-21172.json b/2023/21xxx/CVE-2023-21172.json index d0a3c55be57..8d6896ef3a7 100644 --- a/2023/21xxx/CVE-2023-21172.json +++ b/2023/21xxx/CVE-2023-21172.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015" } ] } diff --git a/2023/21xxx/CVE-2023-21173.json b/2023/21xxx/CVE-2023-21173.json index c12fef25d89..df0ed69e352 100644 --- a/2023/21xxx/CVE-2023-21173.json +++ b/2023/21xxx/CVE-2023-21173.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858" } ] } diff --git a/2023/21xxx/CVE-2023-21174.json b/2023/21xxx/CVE-2023-21174.json index 47d98ee7100..1a1e4f20384 100644 --- a/2023/21xxx/CVE-2023-21174.json +++ b/2023/21xxx/CVE-2023-21174.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822222" } ] } diff --git a/2023/21xxx/CVE-2023-21175.json b/2023/21xxx/CVE-2023-21175.json index 04be667f2a5..46e367eb01a 100644 --- a/2023/21xxx/CVE-2023-21175.json +++ b/2023/21xxx/CVE-2023-21175.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21175", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574" } ] } diff --git a/2023/21xxx/CVE-2023-21176.json b/2023/21xxx/CVE-2023-21176.json index b60665033b3..19aabf19a02 100644 --- a/2023/21xxx/CVE-2023-21176.json +++ b/2023/21xxx/CVE-2023-21176.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335" } ] } diff --git a/2023/21xxx/CVE-2023-21177.json b/2023/21xxx/CVE-2023-21177.json index eccee2bcd03..e474de619e1 100644 --- a/2023/21xxx/CVE-2023-21177.json +++ b/2023/21xxx/CVE-2023-21177.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273906410" } ] } diff --git a/2023/21xxx/CVE-2023-21178.json b/2023/21xxx/CVE-2023-21178.json index 48aae892e3f..5a9a5058be4 100644 --- a/2023/21xxx/CVE-2023-21178.json +++ b/2023/21xxx/CVE-2023-21178.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419" } ] } diff --git a/2023/21xxx/CVE-2023-21179.json b/2023/21xxx/CVE-2023-21179.json index e00f510f06d..a560e30a604 100644 --- a/2023/21xxx/CVE-2023-21179.json +++ b/2023/21xxx/CVE-2023-21179.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-272755865" } ] } diff --git a/2023/21xxx/CVE-2023-21180.json b/2023/21xxx/CVE-2023-21180.json index 898d43447f0..449aa315304 100644 --- a/2023/21xxx/CVE-2023-21180.json +++ b/2023/21xxx/CVE-2023-21180.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261365944" } ] } diff --git a/2023/21xxx/CVE-2023-21181.json b/2023/21xxx/CVE-2023-21181.json index ab2abcbd739..c99aa9f3a5e 100644 --- a/2023/21xxx/CVE-2023-21181.json +++ b/2023/21xxx/CVE-2023-21181.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264880969" } ] } diff --git a/2023/21xxx/CVE-2023-21182.json b/2023/21xxx/CVE-2023-21182.json index 59f2bd00359..1212179b981 100644 --- a/2023/21xxx/CVE-2023-21182.json +++ b/2023/21xxx/CVE-2023-21182.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764175" } ] } diff --git a/2023/21xxx/CVE-2023-21183.json b/2023/21xxx/CVE-2023-21183.json index 3a7fe8f0df8..436dfcce63e 100644 --- a/2023/21xxx/CVE-2023-21183.json +++ b/2023/21xxx/CVE-2023-21183.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235863754" } ] } diff --git a/2023/21xxx/CVE-2023-21184.json b/2023/21xxx/CVE-2023-21184.json index df2b3a2da29..5068a271110 100644 --- a/2023/21xxx/CVE-2023-21184.json +++ b/2023/21xxx/CVE-2023-21184.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-267809568" } ] } diff --git a/2023/21xxx/CVE-2023-21185.json b/2023/21xxx/CVE-2023-21185.json index d87c2da7435..aec534bca4f 100644 --- a/2023/21xxx/CVE-2023-21185.json +++ b/2023/21xxx/CVE-2023-21185.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-266700762" } ] } diff --git a/2023/21xxx/CVE-2023-21186.json b/2023/21xxx/CVE-2023-21186.json index d6c6fb77e99..6783c0017a5 100644 --- a/2023/21xxx/CVE-2023-21186.json +++ b/2023/21xxx/CVE-2023-21186.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21186", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261079188" } ] } diff --git a/2023/21xxx/CVE-2023-21187.json b/2023/21xxx/CVE-2023-21187.json index 4ec4e0f7356..9d373ffe94b 100644 --- a/2023/21xxx/CVE-2023-21187.json +++ b/2023/21xxx/CVE-2023-21187.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246542917" } ] } diff --git a/2023/21xxx/CVE-2023-21188.json b/2023/21xxx/CVE-2023-21188.json index 6a5f71f3ec0..519a1eb2d93 100644 --- a/2023/21xxx/CVE-2023-21188.json +++ b/2023/21xxx/CVE-2023-21188.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21188", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264624283" } ] } diff --git a/2023/21xxx/CVE-2023-21189.json b/2023/21xxx/CVE-2023-21189.json index b27bf3b6c7e..937324653fe 100644 --- a/2023/21xxx/CVE-2023-21189.json +++ b/2023/21xxx/CVE-2023-21189.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21189", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596" } ] } diff --git a/2023/21xxx/CVE-2023-21190.json b/2023/21xxx/CVE-2023-21190.json index 8a8959dd53d..c59563c0973 100644 --- a/2023/21xxx/CVE-2023-21190.json +++ b/2023/21xxx/CVE-2023-21190.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251436534" } ] } diff --git a/2023/21xxx/CVE-2023-21191.json b/2023/21xxx/CVE-2023-21191.json index 51f9e1e801f..7ee651c34a7 100644 --- a/2023/21xxx/CVE-2023-21191.json +++ b/2023/21xxx/CVE-2023-21191.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-269738057" } ] } diff --git a/2023/21xxx/CVE-2023-21192.json b/2023/21xxx/CVE-2023-21192.json index 483c1bcb0de..77be07b9368 100644 --- a/2023/21xxx/CVE-2023-21192.json +++ b/2023/21xxx/CVE-2023-21192.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653" } ] } diff --git a/2023/21xxx/CVE-2023-21193.json b/2023/21xxx/CVE-2023-21193.json index 22f75b8ff62..397e0b093d0 100644 --- a/2023/21xxx/CVE-2023-21193.json +++ b/2023/21xxx/CVE-2023-21193.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21193", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499" } ] } diff --git a/2023/21xxx/CVE-2023-21194.json b/2023/21xxx/CVE-2023-21194.json index e601760bd6b..7c3e30d7395 100644 --- a/2023/21xxx/CVE-2023-21194.json +++ b/2023/21xxx/CVE-2023-21194.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260079141" } ] } diff --git a/2023/21xxx/CVE-2023-21195.json b/2023/21xxx/CVE-2023-21195.json index 680f899e082..0684f8ead64 100644 --- a/2023/21xxx/CVE-2023-21195.json +++ b/2023/21xxx/CVE-2023-21195.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21195", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233879420" } ] } diff --git a/2023/21xxx/CVE-2023-21196.json b/2023/21xxx/CVE-2023-21196.json index f03c367b463..2af206c453b 100644 --- a/2023/21xxx/CVE-2023-21196.json +++ b/2023/21xxx/CVE-2023-21196.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261857395" } ] } diff --git a/2023/21xxx/CVE-2023-21197.json b/2023/21xxx/CVE-2023-21197.json index b7f2c61c1d3..37fe19b7d80 100644 --- a/2023/21xxx/CVE-2023-21197.json +++ b/2023/21xxx/CVE-2023-21197.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251427561" } ] } diff --git a/2023/21xxx/CVE-2023-21198.json b/2023/21xxx/CVE-2023-21198.json index fffecbde4a9..9772ebc856a 100644 --- a/2023/21xxx/CVE-2023-21198.json +++ b/2023/21xxx/CVE-2023-21198.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21198", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245517503" } ] } diff --git a/2023/21xxx/CVE-2023-21199.json b/2023/21xxx/CVE-2023-21199.json index d519782ff3b..14a248b5e2d 100644 --- a/2023/21xxx/CVE-2023-21199.json +++ b/2023/21xxx/CVE-2023-21199.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445961" } ] } diff --git a/2023/21xxx/CVE-2023-21200.json b/2023/21xxx/CVE-2023-21200.json index 3a4f4522b58..35b40594c79 100644 --- a/2023/21xxx/CVE-2023-21200.json +++ b/2023/21xxx/CVE-2023-21200.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236688764" } ] } diff --git a/2023/21xxx/CVE-2023-21201.json b/2023/21xxx/CVE-2023-21201.json index 6f6896a9738..8a5c69e2d66 100644 --- a/2023/21xxx/CVE-2023-21201.json +++ b/2023/21xxx/CVE-2023-21201.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In on_create_record_event of btif_sdp_server.cc, there is a possible out of bounds read due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263545186" } ] } diff --git a/2023/21xxx/CVE-2023-21202.json b/2023/21xxx/CVE-2023-21202.json index 850199c5a7f..0b3260a1ab6 100644 --- a/2023/21xxx/CVE-2023-21202.json +++ b/2023/21xxx/CVE-2023-21202.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568359" } ] } diff --git a/2023/21xxx/CVE-2023-21203.json b/2023/21xxx/CVE-2023-21203.json index d5cf9e60167..563f916f3f2 100644 --- a/2023/21xxx/CVE-2023-21203.json +++ b/2023/21xxx/CVE-2023-21203.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262246082" } ] } diff --git a/2023/21xxx/CVE-2023-21204.json b/2023/21xxx/CVE-2023-21204.json index c94a68bb74b..9f3a7d4aab9 100644 --- a/2023/21xxx/CVE-2023-21204.json +++ b/2023/21xxx/CVE-2023-21204.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262246231" } ] } diff --git a/2023/21xxx/CVE-2023-21205.json b/2023/21xxx/CVE-2023-21205.json index 53a5f4daa08..6f9045ad650 100644 --- a/2023/21xxx/CVE-2023-21205.json +++ b/2023/21xxx/CVE-2023-21205.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245376" } ] } diff --git a/2023/21xxx/CVE-2023-21206.json b/2023/21xxx/CVE-2023-21206.json index 4019132cb14..1af6d63c9de 100644 --- a/2023/21xxx/CVE-2023-21206.json +++ b/2023/21xxx/CVE-2023-21206.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245630" } ] } diff --git a/2023/21xxx/CVE-2023-21207.json b/2023/21xxx/CVE-2023-21207.json index 94479827dfa..64dd664e9cd 100644 --- a/2023/21xxx/CVE-2023-21207.json +++ b/2023/21xxx/CVE-2023-21207.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236670" } ] } diff --git a/2023/21xxx/CVE-2023-21208.json b/2023/21xxx/CVE-2023-21208.json index 7a9abca136b..ac2ef0e89fe 100644 --- a/2023/21xxx/CVE-2023-21208.json +++ b/2023/21xxx/CVE-2023-21208.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245254" } ] } diff --git a/2023/21xxx/CVE-2023-21209.json b/2023/21xxx/CVE-2023-21209.json index 5aa68bc5a63..a3c903f3340 100644 --- a/2023/21xxx/CVE-2023-21209.json +++ b/2023/21xxx/CVE-2023-21209.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236273" } ] } diff --git a/2023/21xxx/CVE-2023-21210.json b/2023/21xxx/CVE-2023-21210.json index b5be1afccf5..98444d5d386 100644 --- a/2023/21xxx/CVE-2023-21210.json +++ b/2023/21xxx/CVE-2023-21210.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236331" } ] } diff --git a/2023/21xxx/CVE-2023-21211.json b/2023/21xxx/CVE-2023-21211.json index 0a8498af210..90453a0dcb2 100644 --- a/2023/21xxx/CVE-2023-21211.json +++ b/2023/21xxx/CVE-2023-21211.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235998" } ] } diff --git a/2023/21xxx/CVE-2023-21212.json b/2023/21xxx/CVE-2023-21212.json index 3a3ff427f26..f337b06bd12 100644 --- a/2023/21xxx/CVE-2023-21212.json +++ b/2023/21xxx/CVE-2023-21212.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236031" } ] } diff --git a/2023/21xxx/CVE-2023-21213.json b/2023/21xxx/CVE-2023-21213.json index b5f1bd7a2cf..201a49d90b3 100644 --- a/2023/21xxx/CVE-2023-21213.json +++ b/2023/21xxx/CVE-2023-21213.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21213", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235951" } ] } diff --git a/2023/21xxx/CVE-2023-21214.json b/2023/21xxx/CVE-2023-21214.json index f0fb49cc544..4509287bd33 100644 --- a/2023/21xxx/CVE-2023-21214.json +++ b/2023/21xxx/CVE-2023-21214.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235736" } ] } diff --git a/2023/21xxx/CVE-2023-21219.json b/2023/21xxx/CVE-2023-21219.json index 9d54a0ea602..77dc1956b71 100644 --- a/2023/21xxx/CVE-2023-21219.json +++ b/2023/21xxx/CVE-2023-21219.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264698379References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21220.json b/2023/21xxx/CVE-2023-21220.json index ed098f04947..0d9951e4308 100644 --- a/2023/21xxx/CVE-2023-21220.json +++ b/2023/21xxx/CVE-2023-21220.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264590585References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21222.json b/2023/21xxx/CVE-2023-21222.json index 84a7f6fbd77..196f3755ea6 100644 --- a/2023/21xxx/CVE-2023-21222.json +++ b/2023/21xxx/CVE-2023-21222.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In load_dt_data of storage.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-266977723References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21223.json b/2023/21xxx/CVE-2023-21223.json index 3858d54f1da..22f130f1124 100644 --- a/2023/21xxx/CVE-2023-21223.json +++ b/2023/21xxx/CVE-2023-21223.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-256047000References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21224.json b/2023/21xxx/CVE-2023-21224.json index 6fbcca6d944..1f89c22db7a 100644 --- a/2023/21xxx/CVE-2023-21224.json +++ b/2023/21xxx/CVE-2023-21224.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21224", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265276966References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21225.json b/2023/21xxx/CVE-2023-21225.json index 232779f2484..06d161f8325 100644 --- a/2023/21xxx/CVE-2023-21225.json +++ b/2023/21xxx/CVE-2023-21225.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible way to bypass the protected confirmation screen due to Failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270403821References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21226.json b/2023/21xxx/CVE-2023-21226.json index 3b476b7d255..006d392b68f 100644 --- a/2023/21xxx/CVE-2023-21226.json +++ b/2023/21xxx/CVE-2023-21226.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240728187References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21236.json b/2023/21xxx/CVE-2023-21236.json index 779ce22daf7..eef2361ef7b 100644 --- a/2023/21xxx/CVE-2023-21236.json +++ b/2023/21xxx/CVE-2023-21236.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270148537References: N/A" } ] } diff --git a/2023/21xxx/CVE-2023-21237.json b/2023/21xxx/CVE-2023-21237.json index 3299ea1aed8..4aafeb87379 100644 --- a/2023/21xxx/CVE-2023-21237.json +++ b/2023/21xxx/CVE-2023-21237.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21237", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-06-01", + "url": "https://source.android.com/security/bulletin/pixel/2023-06-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912" } ] } diff --git a/2023/3xxx/CVE-2023-3449.json b/2023/3xxx/CVE-2023-3449.json new file mode 100644 index 00000000000..fe5af900d15 --- /dev/null +++ b/2023/3xxx/CVE-2023-3449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file