Back to KEVs

CVE-2023-21237

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or...

Basic Information

CVE State
PUBLISHED
Reserved Date
November 03, 2022
Published Date
June 28, 2023
Last Updated
August 02, 2024
Vendor
n/a
Product
Android
Description
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

CVSS Scores

CVSS v3.1

5.5 - MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2024-03-05 00:00:00 UTC) Source

References

https://source.android.com/security/bulletin/pixel/2023-06-01

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-03-05 00:00:00 UTC