Login Sign Up

CVE-2023-21102

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to bypass shadow stack protection in the Android kernel, potentially leading to privilege escalation without requiring user interaction. It affects Android devices running vulnerable kernel versions, allowing attackers with local access to gain elevated privileges.

💻 Affected Systems

Products:
  • Android
Versions: Android kernel versions before May 2023 security patches
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices with vulnerable kernel versions. The vulnerability is in the EFI runtime wrapper code.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker gains root privileges, potentially installing persistent malware, accessing sensitive data, or disabling security controls.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass application sandboxes, access other user data, or install malicious applications with elevated permissions.

🟢

If Mitigated

Limited impact if devices are fully patched, have strict application sandboxing, and minimal local attack surface.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with local access could exploit this to gain elevated privileges on affected Android devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level May 2023 or later

Vendor Advisory: https://source.android.com/security/bulletin/2023-05-01

Restart Required: Yes

Instructions:

1. Apply the May 2023 Android security patch. 2. Update Android kernel to version containing fix for A-260821414. 3. Reboot device to apply kernel changes.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and network access to devices to reduce attack surface

Application sandboxing

android

Ensure strict application sandboxing and permission controls are enforced

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application vetting and monitoring for suspicious privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is before May 2023, device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows May 2023 or later. Check kernel version against patched releases.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation attempts
  • SELinux/AppArmor denials related to kernel memory access

Network Indicators:

  • None - this is a local exploit

SIEM Query:

source="android_kernel" AND (event_type="privilege_escalation" OR event_type="kernel_exception")

📊 Metadata

CVE ID: CVE-2023-21102
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-754
Published: May 15, 2023
Last Updated: January 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21102, you might also want to check these:

CVE-2026-24054 10.0

A vulnerability in Kata Containers allows malformed container images with no layers to cause the hos...

Same vulnerability type (CWE-754)
CVE-2021-0211 10.0

This vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows attackers to send specia...

Same vulnerability type (CWE-754)
CVE-2024-3729 9.8

This vulnerability in the Frontend Admin WordPress plugin allows unauthenticated attackers to manipu...

Same vulnerability type (CWE-754)