CVE-2023-21311

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue allows a secondary user to control private DNS settings due to a permissions bypass in the Settings application. This could lead to local information disclosure without requiring additional execution privileges or user interaction.

Recommendations For versions prior to the fixed version, consider restricting access to the Settings application for secondary users until a patch is available. As a temporary workaround, limit the ability of secondary users to modify private DNS settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.