CVE-2023-21237
Android Pixel Information Disclosure Vulnerability
CVSS
—
No CVSS
EPSS
0.3%
p18
KEV
YES
Mar 5, 2024
Exploit Today
55
0-100
Published: — · Last modified: —
Product
Android / Pixel
Vulnerability
Android Pixel Information Disclosure Vulnerability
Added to KEV
Mar 5, 2024
Remediate by
Mar 26, 2024
Known ransomware use
No
Summary description
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://nvd.nist.gov/vuln/detail/CVE-2023-21237