CVE-2023-21191

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android version Android-13

Description In the fixNotification function of NotificationManagerService.java, a logic error in the code can lead to a bypass of notification hide preference. This issue could result in local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-13, update to a version that includes the fix for the logic error in NotificationManagerService.java. As a temporary workaround, consider restricting access to the fixNotification function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-21191

Affected Products

Android

CVE-2023-21191

Related Identifiers

Affected Products

References · 5