CVE-2023-21290

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue is related to a race condition in the update of MmsProvider.java, which could allow bypassing file permission checks. This could lead to a local denial of service without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations For versions prior to the fixed version, consider restricting access to the MmsProvider.java module to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.