CVE-2023-21001

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description In the onContextItemSelected method of NetworkProviderSettings.java, a missing permission check allows users to change the Wi-Fi settings of other users. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android version Android-13, apply the patch for Android ID A-237672190 to resolve the issue. As a temporary workaround, consider restricting access to the NetworkProviderSettings.java functionality until the patch is applied.