CVE-2023-21270

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024

Updated: Nov 20, 2024

CWE ID 276

Summary

CVE-2023-21270 is a vulnerability affecting the PermissionManagerServiceImpl.java in Android's operating system. It allows an app to bypass the revocation of permissions during an update, potentially granting the app elevated privileges. This issue does not require user interaction for exploitation and could result in local escalation of privilege. Incorrect handling of permission flags during the restore process has been identified as the root cause.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sQVqw3
https://www.cve.org/CVERecord?id=CVE-2023-21270
https://nvd.nist.gov/vuln/detail/CVE-2023-21270

Back to Vulnerability Database

CVE-2023-21270

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations