CVE-2023-21178

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Published Jun 28, 2023

Updated: Jun 30, 2023

CWE ID 362

Summary

CVE-2023-21178 is a vulnerability affecting Android's KeyUtil.cpp in the installKey function. This issue results in a potential failure of file encryption due to a race condition. With System execution privileges, an attacker could exploit this vulnerability to disclose local information without requiring user interaction. This flaw impacts Android-13 and requires further investigation for potential mitigations or patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpg868
https://www.cve.org/CVERecord?id=CVE-2023-21178
https://nvd.nist.gov/vuln/detail/CVE-2023-21178

Back to Vulnerability Database