CVE-2023-21021

Name of the Vulnerable Software and Affected Versions Android version Android-13

Description In the isTargetSdkLessThanQOrPrivileged function of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-13, consider restricting access to the WifiServiceImpl.java until a patch is available. As a temporary workaround, restrict the guest user's ability to modify network settings to minimize the risk of exploitation.