PT-2023-17816 · Google · Android

Published: 2023-03-24 · Updated: 2023-03-30 · CVE-2023-21026

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Android version Android-13

Description

In the updateInputChannel function of WindowManagerService.java, a logic error allows setting a touchable region beyond its own SurfaceControl. This could lead to local denial of service without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations

For Android version Android-13, apply the necessary patch or update to resolve the issue. As a temporary workaround, consider restricting access to the updateInputChannel function in WindowManagerService.java to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

CVE-2023-21026

Affected products

Android