PT-2023-4703 · Google · Android

Published: 2023-06-28 · Updated: 2024-12-05 · CVE-2023-21175

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions: Android-13

Description

The issue is related to errors in permission handling in the DataUsageSummary.java component of the Android operating system. This could allow an attacker to escalate their privileges. A guest user may be able to enable or disable mobile data due to a permissions bypass, leading to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations

For Android version Android-13, consider restricting access to the DataUsageSummary.java component to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the ability for guest users to modify mobile data settings may help mitigate the issue.

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BDU:2023-05127
CVE-2023-21175

Affected Products

Android