CVE-2023-38301

Name of the Vulnerable Software and Affected Versions BLU View 2 version B131DL/B130DL:11/RP1A.200720.011/1672046950:user/release-keys Boost Mobile Celero 5G version Celero5G/Jupiter/Jupiter:11/RP1A.200720.011/SW S98119AA1 V067:user/release-keys Sharp Rouvo V version SHARP/VZW STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0 0 530:user/release-keys Motorola Moto G Pure versions motorola/ellis trac/ellis:11/RRHS31.Q3-46-110-2/74844:user/release-keys through motorola/ellis trac/ellis:11/RRHS31.Q3-46-110-13/b4a29:user/release-keys Motorola Moto G Pure versions motorola/ellis trac/ellis:12/S3RH32.20-42-10/1c2540:user/release-keys through motorola/ellis trac/ellis:12/S3RHS32.20-42-13-2-1/6368dd:user/release-keys Motorola Moto G Pure version motorola/ellis a/ellis:11/RRH31.Q3-46-50-2/20fec:user/release-keys Motorola Moto G Pure versions motorola/ellis vzw/ellis:11/RRH31.Q3-46-138/103bd:user/release-keys through motorola/ellis vzw/ellis:11/RRHS31.Q3-46-138-2/e5502:user/release-keys Motorola Moto G Pure version motorola/ellis vzw/ellis:12/S3RHS32.20-42-10-14-2/5e0b0:user/release-keys Motorola Moto G Power versions motorola/tonga g/tonga:11/RRQ31.Q3-68-16-2/e5877:user/release-keys through motorola/tonga g/tonga:12/S3RQS32.20-42-10-6/f876d3:user/release-keys T-Mobile Revvl 6 Pro 5G version T-Mobile/Augusta/Augusta:12/SP1A.210812.016/SW S98121AA1 V070:user/release-keys T-Mobile Revvl V+ 5G version T-Mobile/Sprout/Sprout:11/RP1A.200720.011/SW S98115AA1 V077:user/release-keys

Description A third-party component issue related to vendor.gsm.serial allows any local app on the device to access the device serial number without permissions or special privileges. This issue affects devices from multiple manufacturers. The device serial number can be indirectly obtained by reading from the "vendor.gsm.serial" system property.

Recommendations For each affected device, consider restricting access to the vendor.gsm.serial system property until a patch is available. As a temporary workaround, consider disabling any functionality that relies on the vendor.gsm.serial system property to minimize the risk of exploitation. Avoid using the vendor.gsm.serial system property in any local apps on the affected devices until the issue is resolved.