CVE-2023-21099

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-13

Description A logic error in the code of PackageInstallerSession.java allows foreground services to be started from the background, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions Android-11 through Android-13, apply the fix for the logic error in PackageInstallerSession.java to prevent foreground services from being started from the background. At the moment, there is no information about a newer version that contains a fix for this vulnerability.