CVE-2023-21156

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a possible out of bounds read in the BuildGetRadioNode function of protocolmiscbulider.cpp due to improper input validation. This could lead to local information disclosure from the modem, requiring System execution privileges for exploitation. No user interaction is needed for exploitation.

Recommendations For Android kernel, consider restricting access to sensitive modem information until a patch is available. As a temporary workaround, review and improve input validation in the BuildGetRadioNode function to prevent out of bounds reads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.