exploitDog

CVE-2023-21171

Опубликовано: 28 июн. 2023

Источник: nvd

CVSS3: 6.7

EPSS Низкий

Описание

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213

Ссылки

https://source.android.com/security/bulletin/pixel/2023-06-01
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2023-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

6.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c2f3-v6vh-fq3v

CVSS3: 6.7

github

больше 2 лет назад

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213

EPSS

Процентиль: 5%

0.00023

Низкий

6.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo