CVE-2023-21167

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 28, 2023

Updated: Jul 6, 2023

CWE ID 119

Summary

CVE-2023-21167 is a vulnerability affecting the Android operating system on versions 13 and above. In the implementation of `setProfileName` in `DevicePolicyManagerService.java`, a bounds check is missing. An attacker can exploit this flaw to cause a crash in the SystemUI menu, resulting in a local denial of service. Notably, no additional execution privileges or user interaction are required for an attacker to trigger this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpg87S
https://www.cve.org/CVERecord?id=CVE-2023-21167
https://nvd.nist.gov/vuln/detail/CVE-2023-21167

Back to Vulnerability Database