PT-2023-18208 · Google · Android
Dawuge
·
Published
2023-02-09
·
Updated
2023-02-21
·
CVE-2023-21441
CVSS v3.1
7.4
High
| Vector | AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Routine versions prior to 2.6.30.6 in Android Q(10)
Routine versions prior to 3.1.21.10 in Android R(11)
Routine versions prior to 3.5.2.23 in Android S(12)
Description
The issue allows a local attacker to access protected files via unused code due to insufficient verification of data authenticity.
Recommendations
For versions prior to 2.6.30.6 in Android Q(10), update to version 2.6.30.6 or later.
For versions prior to 3.1.21.10 in Android R(11), update to version 3.1.21.10 or later.
For versions prior to 3.5.2.23 in Android S(12), update to version 3.5.2.23 or later.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android