CVE-2023-20915

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-670
View all →

Vulnerability Description

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197

Related Vulnerabilities

CVE-2017-0604

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated a...

CWE-6702017

CVE-2020-25603

HIGH
CVSS:7.8(High)

An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the p...

CWE-6702020

CVE-2024-47745

HIGH
CVSS:7.8(High)

In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, whic...

CWE-6702024

CVE-2014-2686

HIGH
CVSS:7.5(High)

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CWE-6702014

CVE-2019-11412

HIGH
CVSS:7.5(High)

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

CWE-6702019

CVE-2019-19324

HIGH
CVSS:7.5(High)

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.

CWE-6702019