CVE-2023-21085

CVSS V2 None CVSS V3 None

Description

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-264879662

Overview

CVE ID
CVE-2023-21085

Assigner
security@android.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-19T20:15:11

Last Modified Date
2023-04-20T13:15:18

References

Reference URL	Reference Tags
https://source.android.com/security/bulletin/2023-04-01

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-21085
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21085

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 21:02:04				Added to TrackCVE
2023-04-20 14:01:42		2023-04-20T13:15:18	CVE Modified Date	updated
2023-04-20 14:01:42	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-25 18:01:08	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated