CVE-2023-21052

6.7 MEDIUM

📋 TL;DR

This vulnerability allows local privilege escalation on Android devices through an out-of-bounds write in the RIL (Radio Interface Layer) component. Attackers with system execution privileges can exploit this to gain elevated access without user interaction. Affected devices include those running vulnerable Android kernel versions.

💻 Affected Systems

Products:
  • Android devices
Versions: Android kernel versions prior to March 2023 security patches
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires system execution privileges for initial access. Pixel devices specifically mentioned in bulletins.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to execute arbitrary code with kernel privileges, potentially installing persistent malware or accessing sensitive system data.

🟠 Likely Case

Local privilege escalation enabling attackers to bypass security restrictions and gain elevated system access on compromised devices.

🟢 If Mitigated

Limited impact if devices are fully patched and have proper security controls like SELinux enforcement and minimal privilege applications.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring initial access to the device.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or attackers with physical access to escalate privileges on vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires system execution privileges for initial access. No user interaction needed once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2023 Android security patch level

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install March 2023 Android security patch.
3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict app permissions (Android)

Limit system permissions for applications to reduce attack surface.

Enable SELinux enforcing mode (Android)

Ensure SELinux is in enforcing mode to limit privilege escalation impact. The following command prints the current mode:

getenforce

🧯 If You Can't Patch

  • Isolate vulnerable devices from sensitive networks and data
  • Implement application allowlisting to prevent unauthorized apps from obtaining system privileges

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is earlier than March 2023, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows March 2023 or later in Settings > About phone > Android version.
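
The two checks above (patch level and SELinux mode) can be applied to a whole device inventory. The script below is an added example, not part of the original advisory; the `FIXED_LEVEL` threshold, the function names and the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. FIXED_LEVEL is an assumption based on the page's wording
# ("March 2023 or later"); set it to the exact level in the vendor bulletin.
FIXED_LEVEL="${FIXED_LEVEL:-2023-03-01}"

# patch_status <value of ro.build.version.security_patch>
# Prints PATCHED, VULNERABLE or UNKNOWN (malformed or empty value).
patch_status() {
    level=$(printf '%s' "$1" | tr -d '\r')      # adb output can carry a trailing CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # With the format validated, YYYYMMDD compares correctly as an integer.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# selinux_status <output of getenforce>
selinux_status() {
    case "$(printf '%s' "$1" | tr -d '\r')" in
        Enforcing) echo ENFORCING ;;
        Permissive|Disabled) echo NOT_ENFORCING ;;
        *) echo UNKNOWN ;;
    esac
}

# audit_report: reads "serial patch_level selinux_mode" lines on stdin.
audit_report() {
    while read -r serial patch mode; do
        [ -n "$serial" ] || continue
        echo "$serial $(patch_status "$patch") $(selinux_status "$mode")"
    done
}

# collect_device <serial>: builds one inventory line from a live device via adb.
collect_device() {
    echo "$1 $(adb -s "$1" shell getprop ro.build.version.security_patch) $(adb -s "$1" shell getenforce)"
}

# Constructed sample inventory (serials are made up); not data from the page.
sample_inventory() {
    printf '%s\n' 'DEV001 2023-02-05 Enforcing' 'DEV002 2023-03-05 Enforcing' \
                  'DEV003 2022-12-01 Permissive' 'DEV004 unknown Enforcing'
}

sample_inventory | audit_report
```

For live devices, pipe `collect_device <serial>` into `audit_report`; a device that reports UNKNOWN for either field should be checked by hand rather than treated as patched.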

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • SELinux denials related to RIL services
  • Unexpected privilege escalation attempts

Network Indicators:

  • Unusual RIL communication patterns

SIEM Query:

source="android_kernel" AND (event="panic" OR event="oops") AND process="ril-daemon"
