CVE-2023-21116

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-13

Description A logic error in the code of InstallPackageHelper.java, specifically in the verifyReplacingVersionCode function, allows for a possible downgrade of system apps below the system image version. This could lead to local escalation of privilege, requiring System execution privileges. No user interaction is needed for exploitation.

Recommendations For Android versions Android-11 through Android-13, update to a version that includes a fix for the logic error in InstallPackageHelper.java to prevent the potential downgrade of system apps. At the moment, there is no information about a newer version that contains a fix for this vulnerability.