ASB-A-218495634
- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-218495634.json
- Aliases
-
- CVE-2023-21267
- Published
- 2024-04-01T00:00:00Z
- Modified
- 2024-04-29T14:40:18Z
- Details
-
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2024-04-01
- https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9
- https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c
- https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394
Affected packages
Android / platform/frameworks/base
Package
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced12:0Fixed12:2024-04-01Introduced12L:0Fixed12L:2024-04-01Introduced13:0Fixed13:2024-04-01Introduced14:0Fixed14:2024-04-01
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6962dbcd2eaf91552eb243aff0c0b95e567d27ca",
"https://android.googlesource.com/platform/frameworks/base/+/eaa129138096bc00b663bca93a5af9786aa47154",
"https://android.googlesource.com/platform/frameworks/base/+/5fba6ecb07c70dfc229a63249bf105c09ebea5b3"
],
"spl": "2024-04-01",
"types": [
"ID"
],
"severity": "High"
}