CVE-2023-21092

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-13

Description The issue is related to improper input validation in the retrieveServiceLocked function of ActiveServices.java, allowing for the dynamic registration of a BroadcastReceiver using system app permissions. This could lead to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions Android-11 through Android-13, update to a version that includes the fix for this issue, as described in Android ID: A-242040055.