PT-2024-12696 · Motorola+1 · Motorola Moto G Power+3

Published: 2024-04-22 · Updated: 2024-11-01 · CVE-2023-38291

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

TCL 30Z (affected versions not specified)
TCL 10L (affected versions not specified)
Motorola Moto G Pure (affected versions not specified)
Motorola Moto G Power (affected versions not specified)

Description

An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the affected devices leak the Wi-Fi MAC address to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in these instances, they are leaked by a high-privilege process and can be obtained indirectly.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2023-38291

Affected Products

Motorola Moto G Power
Motorola Moto G Pure
TCL 10L
TCL 30Z