CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-21290

In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.1%

CVSS Severity

CVSS v3 Score 5.5

References

https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9
https://source.android.com/security/bulletin/2023-08-01
https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9
https://source.android.com/security/bulletin/2023-08-01

Products affected by CVE-2023-21290

Google » Android » Version: 11.0

cpe:2.3:o:google:android:11.0
Google » Android » Version: 12.0

cpe:2.3:o:google:android:12.0
Google » Android » Version: 12.1

cpe:2.3:o:google:android:12.1
Google » Android » Version: 13.0

cpe:2.3:o:google:android:13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-21290

Products

Pricing

Contact Us