Login Sign Up

CVE-2023-21004

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to bypass permission checks in Android's Transcode Permission Controllers, potentially gaining elevated privileges without user interaction. It affects Android 13 devices, particularly those running vulnerable Pixel builds. The flaw enables privilege escalation from a local context.

💻 Affected Systems

Products:
  • Android
  • Google Pixel devices
Versions: Android 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Transcode Permission Controllers in Android 13; Pixel devices are confirmed affected per Android Security Bulletin.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with system-level privileges, access sensitive data, or install persistent malware.

🟠

Likely Case

Limited privilege escalation allowing access to protected system functions or data that should require explicit user permission.

🟢

If Mitigated

No impact if patched; otherwise, risk depends on other security controls like SELinux policies and app sandboxing.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or remote shell access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with local access could exploit this to gain elevated privileges on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to device; no user interaction needed but attacker needs some initial access to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2023-03-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install Android Security Patch Level 2023-03-01 or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict local app installations

android

Prevent installation of untrusted apps that could exploit this vulnerability

adb shell settings put secure install_non_market_apps 0

🧯 If You Can't Patch

  • Implement strict app vetting policies to prevent malicious apps from being installed
  • Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android Security Patch Level in Settings > About phone > Android version. If patch level is earlier than 2023-03-01, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level shows 2023-03-01 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission requests in system logs
  • Suspicious activity in Transcode Permission Controllers

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

Look for events related to permission bypass or privilege escalation in Android system logs

📊 Metadata

CVE ID: CVE-2023-21004
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: March 24, 2023
Last Updated: February 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21004, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)