CVE-2023-21091

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to a missing permission check in the canDisplayLocalUi method of AppLocalePickerActivity.java. This could allow changing system app locales, potentially leading to a local denial of service across user boundaries without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-13, apply the necessary permission checks to the canDisplayLocalUi method in AppLocalePickerActivity.java to prevent unauthorized changes to system app locales.